Defending Against New Phishing Attacks that Abuse OAuth Authorization Flows

Defending Against New Phishing Attacks that Abuse OAuth Authorization Flows

Posted on June 09, 2022 in Presentations

Users are prompted to login at the real Microsoft login page, real domain, real cert, and also have MFA enabled. But they've just been phished by a new attack that abuses the OAuth authorization protocol. The attacker is not stopped by the MFA controls and has full access to all of the Microsoft data including Office and Azure. This session will show how to detect and mitigate these phishing attacks.

Access This and Other RSAC™ Conference Presentations with Your Free RSAC Membership

Your RSAC™ Membership also includes AI-powered summaries, mind maps, and slides for Conference presentations, Group Discussions with experts, and more.

Watch Now >>

Participants

Jenko Hwong

Speaker

Principal Threat Researcher, Huntress Labs

View More Presentations

Share With Your Community