Tags
ATT&CK Tactic: Persistence (TA0003), Credential Access (TA0006)
Incidents: From refresh token theft to global admin
References: https://securitylabs.datadoghq.com/articles/following-attackers-trail-in-aws-methodology-findings-in-the-wild/
Last edited: May 19, 2024 10:07 AM
Status: Stub
Defenses: Cloud Log monitoring