https://pratikdabhi.in/tags/digital-forensics/Recent content in Digital Forensics on Pratik’s LocalhostHugo -- gohugo.ioenpratik.dabhi.4u@gmail.com (Pratik)pratik.dabhi.4u@gmail.com (Pratik)Sun, 01 Feb 2026 10:00:00 +0000https://pratikdabhi.in/posts/cookie-heist/Sun, 01 Feb 2026 10:00:00 +0000pratik.dabhi.4u@gmail.com (Pratik)https://pratikdabhi.in/posts/cookie-heist/<div class="lead text-neutral-500 dark:text-neutral-400 !mb-9 text-xl"> What looked like a simple setup.exe turned out to be a stealthy info-stealer that stole Microsoft 365 session tokens from Chrome cookies — completely bypassing MFA. Here&rsquo;s the full forensic breakdown. </div> <h2 class="relative group">Introduction <div id="introduction" class="anchor"></div> <span class="absolute top-0 w-6 transition-opacity opacity-0 -start-6 not-prose group-hover:opacity-100 select-none"> <a class="text-primary-300 dark:text-neutral-700 !no-underline" href="#introduction" aria-label="Anchor">#</a> </span> </h2> <p>Suspicious login activity was observed from multiple geographic regions, inconsistent with known user behavior.</p>