Coursera Flash Sale
40% Off Coursera Plus for 3 Months!
Grab it
Explore advanced phishing techniques that exploit Microsoft Entra ID's legitimate login infrastructure in this DEF CON 33 conference talk. Discover novel methods for conducting credential theft attacks directly through Microsoft's official login.microsoftonline.com domain, bypassing traditional detection mechanisms. Learn how attackers can leverage legitimate Microsoft functionality to create persistent phishing campaigns that are difficult to detect and nearly impossible to patch. Examine the challenges of maintaining phishing infrastructure and understand how these techniques differ from conventional OAuth Consent and Device Code Phishing attacks. Gain insights into sophisticated social engineering approaches that exploit one of the enterprise market's most widely used identity providers, presented by cybersecurity researcher Keanu 'RedByte' Nys at DEF CON 33.
