Web: https://embracethered.com/blog/posts/2022/device-code-phishing/

Nov. 21, 2022, 2 p.m.

Embrace The Red embracethered.com

As more organizations move to hardware tokens and password-less authentication (e.g. YubiKeys, Windows Hello, ...), attackers will look for other ways to trick users into granting access to their data.
One novel phishing technique uses the OAuth2 Device Authorization Grant.
This post describes how it works, using Microsoft AAD as the example.

Attacker initiates the phishing flow

The attacker starts a Device Code flow by issuing a request to the device code token endpoint (e.


Operational Technology Cyber Security Consultant

@ PA Consulting | Edinburgh, United Kingdom

Cyber Security Analyst I

@ Humanity | Cincinnati, OH, United States

IT Security Analyst Specialist

@ Humanity | Phoenix, AZ, United States

IT Security Analyst Senior

@ Humanity | Phoenix, AZ, United States

Managed Network Detection & Response Analyst (REMOTE)

@ Arista Networks | Vancouver, BC, Canada

Director, Next Generation Firewall Customer Success

@ Palo Alto Networks | Raleigh, NC, United States

Cyber Security engineer

@ LACROIX | Rennes, France

Cyber Security Engineer (Taipei)

@ SGS | Taipei, Taiwan

Dual Study Programme in Electrical Engineering with a Focus on Cyber Security (f/m/d) - partly remote

@ Bosch Group | Rülzheim, Germany

Cloud Security Controls Expert

@ PA Consulting | London, United Kingdom

Cybersecurity Audit Manager

@ ServiceNow | Santa Clara, CALIFORNIA, United States

Security Solution Administrator - Platform Operation (REF1249B)

@ Deutsche Telekom IT Solutions | Pécs, Budapest, Szeged, Debrecen, Hungary