Members of ACA Aponix’s penetration testing team, Jeff Standley, Senior Principal Consultant, and Derek Van Natta, Consultant, attended DEF CON, one of the world’s largest and most prominent annual hacker conferences, August 11-14, 2022. Crowds of information security professionals, journalists, lawyers, federal employees, law enforcement agents, students, and hackers alike gathered at DEF CON’s 30th convention to talk all things hacking and cybersecurity. Read Jeff and Derek’s Q&A below for a breakdown of what they learned about the industry’s newest trends, tools, and attack vectors.

Are there any emerging attack trends for which our clients should be on the lookout?

OAuth attack techniques against Microsoft® Office 365®

Attack techniques involving Open Authorization (OAuth), an open standard for access delegation, and directed at Microsoft Office 365 (O365) are becoming more mature and effective. Jenko Hwong, a principal engineer at Netskope, delved deeply into this emerging trend in his presentation “OAuthsome Magic Tricks Yet More OAuth Abuse”.

Implications

By configuring a fake OAuth application within O365, an attacker could leverage the application in an illicit consent grant phishing attack to obtain permissions to the victim’s O365 resources. Because the attack method closely resembles a standard O365 user’s experience with corporate applications, and because users typically do not possess a clear understanding of how the underlying application authorization processes function, this technique is ripe for abuse.
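
One way a defender could review a tenant for the illicit consent grants described above, shown as an added example that is not from the original article or the presentation it cites. The records are constructed samples shaped like Microsoft Graph `servicePrincipal` and `oauth2PermissionGrant` objects; the risky-scope list, the sample names and IDs, and the `triage_grants` function are assumptions of this example.

```python
# CONSTRUCTED records shaped like Microsoft Graph objects; no tenant is queried.
HOME_TENANT = "11111111-1111-1111-1111-111111111111"  # constructed tenant id
# Assumption: delegated scopes this example treats as high risk (tune per tenant).
RISKY_SCOPES = {"mail.read", "mail.readwrite", "mail.send",
                "files.readwrite.all", "mailboxsettings.readwrite"}
SERVICE_PRINCIPALS = [
    {"id": "sp-1", "displayName": "Contoso Expenses",
     "appOwnerOrganizationId": HOME_TENANT, "verifiedPublisher": {}},
    {"id": "sp-2", "displayName": "0ffice Document Viewer",
     "appOwnerOrganizationId": "22222222-2222-2222-2222-222222222222",
     "verifiedPublisher": {"verifiedPublisherId": None}},
    {"id": "sp-3", "displayName": "Calendar Helper",
     "appOwnerOrganizationId": "33333333-3333-3333-3333-333333333333",
     "verifiedPublisher": {"verifiedPublisherId": "9876543"}},
]
GRANTS = [
    {"clientId": "sp-1", "consentType": "AllPrincipals", "principalId": None,
     "scope": "User.Read Mail.Read"},
    {"clientId": "sp-2", "consentType": "Principal", "principalId": "user-42",
     "scope": "openid offline_access Mail.Read Files.ReadWrite.All"},
    {"clientId": "sp-3", "consentType": "Principal", "principalId": "user-7",
     "scope": "User.Read Calendars.Read"},
]

def triage_grants(grants, service_principals, home_tenant):
    """Flag user-consented grants of risky scopes for analyst review."""
    apps = {sp["id"]: sp for sp in service_principals}
    findings = []
    for g in grants:
        scopes = {s.lower() for s in (g.get("scope") or "").split()}
        risky = sorted(scopes & RISKY_SCOPES)
        # Per-user consent is the phishing path; admin-wide grants are skipped here.
        if g.get("consentType") != "Principal" or not risky:
            continue
        app = apps.get(g["clientId"], {})
        reasons = []
        if app.get("appOwnerOrganizationId") != home_tenant:
            reasons.append("app not registered in home tenant")
        if not (app.get("verifiedPublisher") or {}).get("verifiedPublisherId"):
            reasons.append("publisher not verified")
        if "offline_access" in scopes:
            reasons.append("offline_access requested (long-lived refresh token)")
        if reasons:
            findings.append({"app": app.get("displayName", g["clientId"]),
                             "user": g.get("principalId"),
                             "risky_scopes": risky, "reasons": reasons})
    return findings

print(triage_grants(GRANTS, SERVICE_PRINCIPALS, HOME_TENANT))
```

Only the second sample grant is reported: a single user consented to mailbox and file scopes for an app from an external tenant with no verified publisher.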