Tuesday, October 19, 2021

Creating a Malicious Azure AD OAuth2 Application

THIS POST WAS WRITTEN BY @NYXGEEK

I decided to write this blog because I’ve seen a lot of articles mentioning that attackers will use a malicious OAuth web app with Azure AD, but I hadn’t actually seen much in the way of good examples of doing so. I’m sure I will find a dozen fantastic examples as soon as this is published, but as of now, I haven’t.

I should mention that my teammate Scot Berner has written up a great blog post on a similar topic — Phishing Users with OAuth and DeviceLogin.

Ov…

Read More

Latest news
Related news