EX-OWLETCredential Access

OWA Form Cookie Theft

MITM / phishing harvests OWA forms-based auth cookies — replay until session expires (default 8 hours).

§ Where this technique fits

EX-OWLET is catalogued under the Credential Access tactic of the offensive-security kill-chain. It appears in 0 approved dossiers in the registry, typically.