Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Yevhen Teleshyk - OAuth Phishing
Search
Sponsored
·
SiteGround - Reliable hosting with speed, security, and support you can count on.
→
OWASP Kyiv
March 04, 2018
Technology
170
0
Share
Embed
Copy iframe code
Copy JS code
Copy link
Start on current slide
Yevhen Teleshyk - OAuth Phishing
OWASP Kyiv
March 04, 2018
More Decks by OWASP Kyiv
See All by OWASP Kyiv
Vlad Styran - OWASP Kyiv 2017 Report
owaspkyiv
0
84
Vlada Kulish - Why So Serial?
owaspkyiv
1
110
Roman Borodin - ISC2 & ISACA certification programs first-hand experience
owaspkyiv
0
110
Ihor Blum - WebSockets
owaspkyiv
0
67
Vlad Styran - Cyber Security Economics 101
owaspkyiv
2
180
Anastasiia Vixentael - Don’t Waste Time on Learning Cryptography: Better Use It Properly
owaspkyiv
0
240
Dima Kovalenko - Modern SSL Pinning
owaspkyiv
0
110
Pavel Radchuk - SAMM: Understanding Agile in Security
owaspkyiv
0
430
Ivan Vyshnevskyi - Not So Quiet git push
owaspkyiv
0
180
Other Decks in Technology
See All in Technology
インフラ寄りSREでも 開発に踏み出せる〜境界を越えてユーザー体験に向き合いたい〜
sansantech
PRO
2
3.8k
人を動かすのは時間ではなく、納得感 〜新任EMが入社3ヶ月、組織を2回変えた話〜
kakehashi
PRO
3
220
10年目を迎えた「ABEMA」がどのように AI 活用を推進して、AI 駆動開発にシフトしているのか / How ABEMA, entering its 10th year, is promoting the use of AI and shifting toward AI-driven development
miyukki
0
140
Kaggleで成長するために意識したこと
prgckwb
2
340
美しいコードを書くためにF#を学んでみた話
yud0uhu
1
420
Devsumi 2026 Summer 人もAIも使える共通基盤を事業の加速装置にする~デザインシステム運用に学ぶ組織レバレッジ~ 渡辺 凌央
legalontechnologies
PRO
0
130
しくみを学んで使いこなそう GitHub Copilot app
torumakabe
2
240
オブザーバビリティ、本当に活用できてる? 〜API連携×生成AIで成熟度を自動評価〜
dmmsre
1
3.2k
AI時代の EM への処方箋
staka121
PRO
0
140
証券システムを10年Scalaで作り続けるということ - 関数型まつり2026
krrrr38
3
850
地域 SRE コミュニティ最前線 / SRE NEXT 2026 Discussion Night Track C
muziyoshiz
0
220
LLMやAIエージェントをソフトウェアに組み込むプラクティス
shibuiwilliam
1
370
Featured
See All Featured
Avoiding the “Bad Training, Faster” Trap in the Age of AI
tmiket
0
190
The Invisible Side of Design
smashingmag
301
52k
Dealing with People You Can't Stand - Big Design 2015
cassininazir
367
27k
SEO for Brand Visibility & Recognition
aleyda
0
4.6k
How to Create Impact in a Changing Tech Landscape [PerfNow 2023]
tammyeverts
55
3.4k
Become a Pro
speakerdeck
PRO
31
6k
ラッコキーワード サービス紹介資料
rakko
1
3.9M
ピンチをチャンスに:未来をつくるプロダクトロードマップ #pmconf2020
aki_iinuma
128
56k
The Hidden Cost of Media on the Web [PixelPalooza 2025]
tammyeverts
2
340
The Impact of AI in SEO - AI Overviews June 2024 Edition
aleyda
5
1.1k
Mind Mapping
helmedeiros
PRO
1
280
Abbi's Birthday
coloredviolet
3
8.6k
Transcript
Yevhen Teleshyk Phishing Threats to Cloud Users
Phishing - spear phishing - clone phishing - whaling
OAuth2 Application Authorization server Resource Server Resource owner Authorization request
Authorization grant Authorization grant Access Token Protected Resource Access Token
Registration
Authorizations request Application Resource owner Authorization request https://login.microsoftonline.com/common/oauth2/v2.0/authorize?response_ type=code&client_id={}&redirect_uri={}&scope={}
Scopes
Authorization grant
OAuth2 Application Authorization server Access Token
JWT JWT= eyJ0eXAiOiJKV1QiLCJhbGciOiJub25lIn0.eyJhdWQiOiIyZDRkMTFhMi1mODE0LTQ2Y TctODkwYS0yNzRhNzJhNzMwOWUiLCJpc3MiOiJodHRwczovL3N0cy53aW5kb3dzLm 5ldC83ZmU4MTQ0Ny1kYTU3LTQzODUtYmVjYi02ZGU1N2YyMTQ3N2UvIiwiaWF0Ijo xMzg4NDQwODYzLCJuYmYiOjEzODg0NDA4NjMsImV4cCI6MTM4ODQ0NDc2Mywid mVyIjoiMS4wIiwidGlkIjoiN2ZlODE0NDctZGE1Ny00Mzg1LWJlY2ItNmRlNTdmMjE0Nzd lIiwib2lkIjoiNjgzODlhZTItNjJmYS00YjE4LTkxZmUtNTNkZDEwOWQ3NGY1IiwidXBuIjoi ZnJhbmttQGNvbnRvc28uY29tIiwidW5pcXVlX25hbWUiOiJmcmFua21AY29udG9zby5j b20iLCJzdWIiOiJKV3ZZZENXUGhobHBTMVpzZjd5WVV4U2hVd3RVbTV5elBtd18talg
zZkhZIiwiZmFtaWx5X25hbWUiOiJNaWxsZXIiLCJnaXZlbl9uYW1lIjoiRnJhbmsifQ.iwid W5pcXVlX25hbWUiOiJmcmFua21 JWT = base64(header.payload.signature) Header = {"typ","nonce","alg","x5t","kid"} Payload = {"aud":"https://graph.microsoft.com","iss","iat","nbf", "exp","acr","aio","amr","app_displayname","appid","appidacr", "family_name","given_name","ipaddr","name","oid","onprem_sid", "platf","puid","scp","sub","tid","unique_name","upn","uti","ver"}
Revoking
Questions?
References: • https://tools.ietf.org/html/rfc6749 • https://msdn.microsoft.com/en-us/office/office365/api/mail-rest-operations • https://docs.microsoft.com/en-us/outlook/rest/node-tutorial#using-the-mail-api • https://www.elevenpaths.com/new-ransomcloud-o365-report/index.html