Cookies are solid gold when it comes to security. Once you have logged in, your session is the ticket to enter any web application. This is why most web sites use HTTPS these days. The problem is that your browser and the web applications needs to store these bits of information. Enter cookie hacking. A lot has changed since 1994, and Dawid Czagan of Silesia Security Lab held presentation at DeepSec 2015 about what you can and cannot do with cookies in modern web applications and browsers. Learn about user impersonation, remote cookie tampering, XSS and more.