December Trend Sharing Session
Online
Credential Theft Evolved: Session Tokens as the New Keys to the Kingdom
| Date: | Thu 4 December 2025, 11am ET |
| Location: | Online |
| Delegates: | 100+ |
| Free Registration: | Regsister Now! |
Adversaries don’t need passwords when they have your tokens!
In this webinar, Eric Clay, Chief Marketing Officer and Research Team Co-Lead and Nick Ascoli, Director Product Strategy, at Flare, will uncover the evolving tradecraft behind session hijacking and cookie theft—two increasingly common techniques leveraged by cybercriminals to bypass MFA, impersonate users, and maintain long-term persistence.
They’ll explore how threat actors harvest and weaponize session tokens, how these credentials are trafficked in the cybercrime underground, and how defenders can identify the telltale signs of a takeover. Using real-world intelligence and Flare data, this webinar will walk through:
– Common collection methods (info-stealers, XSS, token sync abuse)
– How session cookies are used in post-compromise scenarios
– Trends in cookie-based access sales on dark web markets
– Detection strategies and incident response best practices
By the end of this webinar, you’ll understand how session tokens function as high-value credentials—and how attackers exploit this blind spot to bypass even your strongest authentication controls.
By registering, you submit your information to the webinar organizer and sponsor, who will use it to communicate with you regarding this event and their other services.
LSA December Trends Webinar: Credential Theft Evolved: Session Tokens as the New Keys to the Kingdom
In this webinar, Eric Clay, Chief Marketing Officer and Research Team Co-Lead and Nick Ascoli, Director Product Strategy, at Flare, will uncover the evolving tradecraft behind session hijacking and cookie theft—two increasingly common techniques leveraged by cybercriminals to bypass MFA, impersonate users, and maintain long-term persistence.
Thery will explore how threat actors harvest and weaponize session tokens, how these credentials are trafficked in the cybercrime underground, and how defenders can identify the telltale signs of a takeover. Using real-world intelligence and Flare data, this webinar will walk through:
- Common collection methods (info-stealers, XSS, token sync abuse)
- How session cookies are used in post-compromise scenarios
- Trends in cookie-based access sales on dark web markets
- Detection strategies and incident response best practices
By the end of this webinar, you’ll understand how session tokens function as high-value credentials—and how attackers exploit this blind spot to bypass even your strongest authentication controls.
This session was hosted together with:
Past LSA Events
- OnlineTue October 7, 11am Eastern
- OnlineThu October 2, 10am Eastern
- OnlineThu August 7, 10am Eastern
- OnlineThu 10th Jul, 10am EDT
- London, United Kingdom8th July 2025, London
- OnlineThu 12th June, 10am EDT
- Dublin, Ireland20-21 May 2025
- OnlineThu 15th May, 10am EDT
- OnlineTue 22nd April, 1pm ET
- OnlineTue 25th February, 11am ET
Founded in 2016 as the LFPA to allow the various stakeholders in Loyalty, Fraud Prevention and Cybersecurity to collaborate on the growing issues around the security of Loyalty Programs.
