“With this talk, we want to revive the interest in the largely ignored method of web application account compromise through cookie stealing, by introducing a new PowerShell module, ‘CookieMonstruo’, which aims to be the default post-exploitation tool for session hijacking. Through the use of this tool we will show the implications of lax session management controls in web applications, especially the ones providing a social login functionality. We will show various demos of how the tool can be used and discuss possible mitigations for this risk.”