Entra ID
2 posts
Article
One bearer token, replayed from a residential proxy
How attackers abuse OAuth 2.0 at scale via consent phishing, device code flow, and service principal credentials - and why endpoint EDR sees none of it.
Article
Lapsus$ proved push bombing in 2022
MFA fatigue attacks against Microsoft Authenticator: T1621 mechanics, number matching, AiTM proxy gaps, token theft, and the Entra ID telemetry that catches it.