“With this talk, we want to revive the interest in the largely ignored method of web application account compromise through cookie stealing, by introducing a new powershell module “”CookieMonstruo””, which aims to be the default post-exploitation tool for session hijacking.

Through the use of this tool we will show the implications of lax session management controls in web applications, especially the ones providing a social login functionality. We will show various demos of how the tool can be used and discuss possible mitigations for this risk.”

Martin von Knobloch is a Senior Security Consultant at FortConsult, Denmark. Apart from his role as a pentester and security advisor, he enjoys evangelizing the regular citizens about what a dangerous place the Internet can be, while advising them how to engage in safe IT security practices. Tired of the getting the usual question that immediately follows after introducing himself as a white-hat hacker: “Oh, does that mean that you can hack my [insert social media site/e-mail provider/etc.]?”, he decided to embark on a journey of discovering a practical hacker’s approach to achieving this goal.



[Slides (PDF)] [Recording (MP4)] [Recording (OGV)]

Comments are closed.