Caleb Patten demonstrates session hijacking using Chrome developer tools, canary session cookie deployment with honeypot accounts, and conditional access policies blocking impossible travel and forcing MFA re-prompts.
Organizations deploy sophisticated multifactor authentication (MFA) requiring biometrics, one-time PINs and password managers, yet authentication still ends with a 40-year-old technology: plain-text bearer tokens stored in browser cookies. Info stealers harvest billions of these session cookies annually through cracked software downloads, bypassing every authentication factor by simply copying three cookie values between machines.
Session hijacking remains undetectable until organizations implement monitoring that alerts when an authenticated session appears without a corresponding MFA prompt.
In this session, Caleb Patten of Naval Criminal Investigative Service will demonstrate:
- Session hijacking using only Chrome developer tools to copy cookies between victim and attacker machines;
- Canary session cookie deployment creating honeypot accounts that trigger alerts when accessed via stolen tokens;
- Conditional access policies blocking impossible travel scenarios and forcing MFA re-prompts for suspicious behavior patterns.
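The detection ideas above (alert on a session that was never challenged for MFA, and on any use of a seeded canary account) as an added example that is not part of the course material; the event format, account names and countries are constructed for the illustration.

```python
"""Flag likely session-cookie replay in sign-in telemetry.

Assumed (constructed) event schema: one dict per event with keys
ts, user, session_id, event ("mfa_success" or "signin") and country.
Three defender-side checks drawn from the talk description:
  1. a sign-in on a session id that never completed an MFA challenge
     (a copied cookie skips the prompt entirely);
  2. any sign-in by a canary (honeypot) account whose cookie was
     planted and has no legitimate user;
  3. an existing session suddenly used from a different country, a
     coarse stand-in for the "impossible travel" condition.
"""

CANARY_ACCOUNTS = {"svc-finance-backup"}  # constructed honeypot account

EVENTS = [  # constructed sample telemetry, ordered by ts
    {"ts": 1, "user": "alice", "session_id": "S1", "event": "mfa_success", "country": "US"},
    {"ts": 2, "user": "alice", "session_id": "S1", "event": "signin", "country": "US"},
    {"ts": 3, "user": "alice", "session_id": "S1", "event": "signin", "country": "RO"},
    {"ts": 4, "user": "bob", "session_id": "S2", "event": "signin", "country": "US"},
    {"ts": 5, "user": "svc-finance-backup", "session_id": "S3", "event": "signin", "country": "NL"},
]


def find_replayed_sessions(events, canary_accounts=CANARY_ACCOUNTS):
    """Return (rule, user, session_id) tuples in event order."""
    alerts = []
    mfa_seen = set()        # session ids that completed an MFA challenge
    first_country = {}      # session id -> country of first sign-in
    for e in sorted(events, key=lambda ev: ev["ts"]):
        sid = e["session_id"]
        if e["event"] == "mfa_success":
            mfa_seen.add(sid)
            continue
        if e["event"] != "signin":
            continue
        if e["user"] in canary_accounts:
            alerts.append(("canary_account_used", e["user"], sid))
        if sid not in mfa_seen:
            alerts.append(("signin_without_mfa", e["user"], sid))
        origin = first_country.setdefault(sid, e["country"])
        if origin != e["country"]:
            alerts.append(("session_reused_from_new_country", e["user"], sid))
    return alerts


if __name__ == "__main__":
    for alert in find_replayed_sessions(EVENTS):
        print(alert)
```

In production the same logic runs over the identity provider's sign-in log, and the canary rule should page regardless of MFA state.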
Here is the course outline:
Catching the Hand in the Cookie Jar: Canary Session Cookies
Completion
The following certificates are awarded when the course is completed:
CPE Credit Certificate