AUTH-FIDO2-CABLECredential Access

FIDO2 caBLE / Hybrid Transport Abuse

Phishing site lures a victim to scan a QR linking their phone authenticator to the attacker's browser session — completes login on attacker hardware.

§ Where this technique fits

AUTH-FIDO2-CABLE is catalogued under the Credential Access tactic of the offensive-security kill-chain. It appears in 1 approved dossier in the registry, typically at step 3 on average.

§ Dossiers chaining this technique

FIDO2 caBLE hybrid → phone authenticator hijack
Attacker phishing site shows the legitimate FIDO2 QR. Victim scans with their phone authenticator. The link completes the WebAuthn ceremony in the attacker's browser — they're now signed in as the victim.
step 3 / 6

§ What commonly comes next

01
Steal Web Session Cookie
T1539 · Credential Access
seen 1×

§ Where this technique fits

§ Dossiers chaining this technique

FIDO2 caBLE hybrid → phone authenticator hijack

§ What commonly comes next