During a routine assessment, logs reveal repeated efforts to scan RAM on a user workstation for tokens. The attacker aims to gather account information to break into other systems. Which approach are they using?
Overriding a driver to gain elevated privileges
Planting malicious instructions in a background service
Acquiring ephemeral session data from active logins
Injecting harmful content into a legitimate update process
Acquiring ephemeral session data from active logins grants unauthorized entry by reusing existing user credentials. Planting malicious instructions in a background service mostly focuses on hidden code execution. Injecting harmful content into a legitimate update process replaces trusted installations but does not capture user authentication data. Overriding a driver can expand privileges, yet it does not necessarily deliver stored credentials to the attacker.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is ephemeral session data?
Open an interactive chat with Bash
How do attackers scan RAM for session tokens?
Open an interactive chat with Bash
Why is capturing ephemeral session data effective for attackers?