Tag
7 articles covering Identity across campaign analysis, detection engineering, and defender tradecraft.
Field Analysis
Persistent OAuth grants let third-party apps keep operating after the original login, password reset, or employee lifecycle event has faded from view.
Read more:The Hacker NewsMicrosoft Learn
Field Analysis
Device code phishing turns a legitimate OAuth flow into a credential-free token theft technique. Here is how it runs end-to-end and what defenders can hunt on in Sentinel and Defender XDR.
Read more:Microsoft Security BlogIETF
Field Analysis
AitM kits proxy a real identity provider page, so brand and URL checks fail. The detectable artifacts live one layer down - in TLS handshake fingerprints, in the cookies the proxy must rewrite, and in the small page-side tells that betray the relay.
Read more:SekoiaMicrosoft Threat Intelligence
Field Analysis
Enterprise identity teams are treating phishing-resistant authentication as an operating control, not a future-state roadmap item.
Read more:BleepingComputerBleepingComputer
Field Analysis
Attackers are blending push prompts, urgent collaboration lures, and identity fatigue to move users from suspicion to accidental approval.
Read more:The Hacker NewsThe Hacker News
Field Analysis
Enterprise responders are seeing invoice fraud migrate from bulk spoofing to thread-hijacking and linguistically adaptive payloads.
Read more:BleepingComputerKrebsOnSecurity
Field Analysis
Reverse-proxy phishing kits commoditized session-token theft over the last two years. The kit market now resembles SaaS, and that has implications for how defenders track operators.
Read more:Microsoft Threat IntelligenceSekoia