We have all signed up for apps that use a third party as the authentication provider.
But what happens if we sign up for a Malicious Microsoft application using our Office 365 credentials? What can the attacker do? And how do we protect ourselves and our users if it happens?
In this somewhat sophisticated Cybersecurity awareness and educational phishing scenario, Fabio and STÖK from Truesec sets up a Malicious Azure Webapp and bypasses MFA to collect a token, that never expired... Scary stuff..
twitter.com/fabio_viggiani/
twitter.com/stokfredrik
https://career.truesec.com/
Join our purpose to create a safer world by preventing cyber breaches and minimizing impact!