RC RANDOM CHAOS

Entra ID

2 posts

One bearer token, replayed from a residential proxy
Article

One bearer token, replayed from a residential proxy

How attackers abuse OAuth 2.0 at scale via consent phishing, device code flow, and service principal credentials - and why endpoint EDR sees none of it.

Lapsus$ proved push bombing in 2022
Article

Lapsus$ proved push bombing in 2022

MFA fatigue attacks against Microsoft Authenticator: T1621 mechanics, number matching, AiTM proxy gaps, token theft, and the Entra ID telemetry that catches it.