THIS POST WAS WRITTEN BY @NYXGEEK
I decided to write this blog because I’ve seen a lot of articles mentioning that attackers will use a malicious OAuth web app with Azure AD, but I hadn’t actually seen much in the way of good examples of doing so. I’m sure I will find a dozen fantastic examples as soon as this is published, but as of now, I haven’t.
I should mention that my teammate Scot Berner has written up a great blog post on a similar topic — Phishing Users with OAuth and DeviceLogin.
Ov…