📂 02 - Impersonation

Overview

Impersonation is the act of a process or a user capturing the security context of another user to perform actions on their behalf. It often involves tokens or cookies in some system or specific security context.

Note: It is important to differentiate Impersonation from Privilege Escalation. While Privesc often focuses on looking for system misconfigurations and vulnerabilities, Impersonation looks for active user sessions, and sometimes also system misconfigurations, to steal the target's identity and act on their behalf. As a result, the two concepts sometimes overlap: for example, exploiting a Potato Attack means using Impersonation to achieve Privilege Escalation.


🧠 Techniques

File | Created
Session Fixation | Sunday, April 12th 2026, 4:56:52 pm
XSS - DOM Clobbering | Wednesday, May 6th 2026, 7:51:54 am

πŸ› οΈ Tools

File | Created