Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Yevhen Teleshyk - OAuth Phishing

OWASP Kyiv
March 04, 2018
Technology
0
93

Yevhen Teleshyk - OAuth Phishing

OWASP Kyiv

March 04, 2018
Tweet

More Decks by OWASP Kyiv

See All by OWASP Kyiv
Vlad Styran - OWASP Kyiv 2017 Report
owaspkyiv
0
55
Vlada Kulish - Why So Serial?
owaspkyiv
1
53
Roman Borodin - ISC2 & ISACA certification programs first-hand experience
owaspkyiv
0
66
Ihor Blum - WebSockets
owaspkyiv
0
30
Vlad Styran - Cyber Security Economics 101
owaspkyiv
2
130
Anastasiia Vixentael - Don’t Waste Time on Learning Cryptography: Better Use It Properly
owaspkyiv
0
120
Dima Kovalenko - Modern SSL Pinning
owaspkyiv
0
69
Pavel Radchuk - SAMM: Understanding Agile in Security
owaspkyiv
0
270
Ivan Vyshnevskyi - Not So Quiet git push
owaspkyiv
0
130

Other Decks in Technology

See All in Technology
SIEMを用いて、セキュリティログ分析の可視化と分析を実現し、PDCAサイクルを回してみた
coconala_engineer
0
220
DevOpsメトリクスとアウトカムの接続にトライ!開発プロセスを通して計測できるメトリクスの活用方法
ham0215
2
200
自動生成を活用した、運用保守コストを抑える Error/Alert/Runbook の一元集約管理 / Centralized management of Error/Alert/Runbook to minimize operational costs using automated code generation
biwashi
9
2.1k
株式会社EventHub・エンジニア採用資料
eventhub
0
1.9k
Garoon 開発チーム / Garoon development team
cybozuinsideout
PRO
2
2.9k
最近たまに見かけるTiDBってなんだ? - Findy
pingcap0315
2
610
"好き"との生活/Regularly update profile with GitHub Actions
judeeeee
0
150
GraphQL 成熟度モデルの紹介と、プロダクトに当てはめた事例 / GraphQL maturity model
mh4gf
4
130
複雑な構成要素を持つUIとの向き合い方 〜新・支出グラフでの実例〜 / B43 TECH TALK
nakamuuu
0
110
疲弊しない!AWSセキュリティ統制の考え方 #devio_osakaday1
masahirokawahara
6
5.9k
コンパウンドスタートアップのためのスケーラブルでセキュアなInfrastructure as Codeパイプラインを考える / Scalable and Secure Infrastructure as Code Pipeline for a Compound Startup
yuyatakeyama
3
3.1k
社内勉強会運営のコツ
senoo
6
1.1k

Featured

See All Featured
Happy Clients
brianwarren
91
6.4k
A better future with KSS
kneath
231
16k
WebSockets: Embracing the real-time Web
robhawkes
59
7k
Producing Creativity
orderedlist
PRO
336
39k
[RailsConf 2023 Opening Keynote] The Magic of Rails
eileencodes
9
8.3k
Sharpening the Axe: The Primacy of Toolmaking
bcantrill
15
1.4k
VelocityConf: Rendering Performance Case Studies
addyosmani
320
23k
Distributed Sagas: A Protocol for Coordinating Microservices
caitiem20
321
20k
Optimising Largest Contentful Paint
csswizardry
7
2.3k
StorybookのUI Testing Handbookを読んだ
zakiyama
11
4.6k
4 Signs Your Business is Dying
shpigford
175
21k
Building Applications with DynamoDB
mza
88
5.6k

Transcript

  1. Yevhen Teleshyk Phishing Threats to Cloud Users

  2. Phishing - spear phishing - clone phishing - whaling

  3. OAuth2 Application Authorization server Resource Server Resource owner Authorization request

    Authorization grant Authorization grant Access Token Protected Resource Access Token

  4. Registration

  5. Authorizations request Application Resource owner Authorization request https://login.microsoftonline.com/common/oauth2/v2.0/authorize?response_ type=code&client_id={}&redirect_uri={}&scope={}

  6. Scopes

  7. Authorization grant

  8. OAuth2 Application Authorization server Access Token

  9. JWT JWT= eyJ0eXAiOiJKV1QiLCJhbGciOiJub25lIn0.eyJhdWQiOiIyZDRkMTFhMi1mODE0LTQ2Y TctODkwYS0yNzRhNzJhNzMwOWUiLCJpc3MiOiJodHRwczovL3N0cy53aW5kb3dzLm 5ldC83ZmU4MTQ0Ny1kYTU3LTQzODUtYmVjYi02ZGU1N2YyMTQ3N2UvIiwiaWF0Ijo xMzg4NDQwODYzLCJuYmYiOjEzODg0NDA4NjMsImV4cCI6MTM4ODQ0NDc2Mywid mVyIjoiMS4wIiwidGlkIjoiN2ZlODE0NDctZGE1Ny00Mzg1LWJlY2ItNmRlNTdmMjE0Nzd lIiwib2lkIjoiNjgzODlhZTItNjJmYS00YjE4LTkxZmUtNTNkZDEwOWQ3NGY1IiwidXBuIjoi ZnJhbmttQGNvbnRvc28uY29tIiwidW5pcXVlX25hbWUiOiJmcmFua21AY29udG9zby5j b20iLCJzdWIiOiJKV3ZZZENXUGhobHBTMVpzZjd5WVV4U2hVd3RVbTV5elBtd18talg

    zZkhZIiwiZmFtaWx5X25hbWUiOiJNaWxsZXIiLCJnaXZlbl9uYW1lIjoiRnJhbmsifQ.iwid W5pcXVlX25hbWUiOiJmcmFua21 JWT = base64(header.payload.signature) Header = {"typ","nonce","alg","x5t","kid"} Payload = {"aud":"https://graph.microsoft.com","iss","iat","nbf", "exp","acr","aio","amr","app_displayname","appid","appidacr", "family_name","given_name","ipaddr","name","oid","onprem_sid", "platf","puid","scp","sub","tid","unique_name","upn","uti","ver"}

  10. Revoking

  11. Questions?

  12. References: • https://tools.ietf.org/html/rfc6749 • https://msdn.microsoft.com/en-us/office/office365/api/mail-rest-operations • https://docs.microsoft.com/en-us/outlook/rest/node-tutorial#using-the-mail-api • https://www.elevenpaths.com/new-ransomcloud-o365-report/index.html