Skip to content

v1.5.0 - built-in attacker replay (option 9)

Choose a tag to compare

@gladjohn gladjohn released this 30 Jun 13:21

Option 9 - Attacker replay: paste a stolen token and the exe calls Key Vault with it as a plain bearer (no binding cert). Decodes the token to show whether it is bound (cnf claim), then: 200 = EXFILTRATED (bearer accepted), 401 = BLOCKED (bound token rejected), 403 = RBAC. No separate tool needed - run the same exe on the attacker VM.