The prevalence of multi-factor authentication and single sign-on has caused attackers to forgo targeting credentials in favor of capturing session tokens. In this lightboard video, Obsidian CPO and co-founder Glenn Chisholm demonstrates some of the methods bad actors are employing to steal tokens, hijack sessions, and establish persistence within SaaS identity providers and business-critical applications.