Yevhen Teleshyk - OAuth Phishing
OWASP Kyiv
March 04, 2018
Transcript
Yevhen Teleshyk Phishing Threats to Cloud Users
Phishing
- spear phishing
- clone phishing
- whaling
OAuth2 roles: Application (client), Authorization server, Resource server, Resource owner
Abstract flow (RFC 6749, Figure 1):
- Application -> Resource owner: Authorization request
- Resource owner -> Application: Authorization grant
- Application -> Authorization server: Authorization grant
- Authorization server -> Application: Access token
- Application -> Resource server: Access token
- Resource server -> Application: Protected resource
Registration
Authorization request (Application -> Resource owner):
https://login.microsoftonline.com/common/oauth2/v2.0/authorize?response_type=code&client_id={}&redirect_uri={}&scope={}
Scopes
Authorization grant
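The three slides above (authorization request, scopes, authorization grant) are the whole lure in an OAuth phishing mail: the link points at the real identity provider, so the only signals are which application asks, where the grant is redirected, and which scopes are requested. The following is an added example, not code from the talk, showing how the request URL from the slide is assembled, how to triage one found in a mail or proxy log, and how the grant (the `code` on the redirect) is picked up and bound to the session via `state`. The client IDs, the `example.net` and `contoso.com` hosts and the high-risk scope list are constructed for illustration.

```python
"""Assemble the authorization request from the slide and triage one found
in a suspicious mail.  Added example; the client IDs, hostnames and the
high-risk scope list are constructed for illustration."""
from urllib.parse import parse_qs, urlencode, urlsplit

# Endpoint from the slide (Microsoft identity platform v2.0).
AUTHORIZE_ENDPOINT = "https://login.microsoftonline.com/common/oauth2/v2.0/authorize"

# Delegated permissions that hand a third-party app the user's mailbox or
# files, or a refresh token that outlives the browser session.  Example
# list; extend it with whatever your tenant considers sensitive.
HIGH_RISK_SCOPES = {
    "offline_access", "Mail.Read", "Mail.ReadWrite", "Mail.Send",
    "Contacts.Read", "Files.Read.All", "Files.ReadWrite.All", "User.Read.All",
}


def build_authorize_url(client_id, redirect_uri, scopes, state):
    """Authorization request as the application sends it to the resource owner."""
    params = {
        "response_type": "code",
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "scope": " ".join(scopes),
        "state": state,  # bound to the user's session; checked in parse_callback
    }
    return AUTHORIZE_ENDPOINT + "?" + urlencode(params)


def _query(url):
    """First value of each query parameter as a plain dict."""
    return {k: v[0] for k, v in parse_qs(urlsplit(url).query).items()}


def triage_authorize_url(url, trusted_client_ids, trusted_redirect_hosts):
    """Classify an authorization URL.  The host is the real identity provider
    in a consent-phishing link, so the signal is who asks (client_id), where
    the grant goes (redirect_uri) and what is requested (scope)."""
    q = _query(url)
    scopes = set(q.get("scope", "").split())
    redirect_host = (urlsplit(q.get("redirect_uri", "")).hostname or "").lower()
    findings = []
    if urlsplit(url).hostname != "login.microsoftonline.com":
        findings.append("authorize endpoint is not the identity provider")
    if q.get("client_id") not in trusted_client_ids:
        findings.append("client_id is not an approved application")
    if not any(redirect_host == h or redirect_host.endswith("." + h)
               for h in trusted_redirect_hosts):
        findings.append(f"redirect_uri host {redirect_host!r} is not trusted")
    risky = sorted(scopes & HIGH_RISK_SCOPES)
    if risky:
        findings.append("high-risk scopes requested: " + ", ".join(risky))
    return {
        "client_id": q.get("client_id"),
        "redirect_uri": q.get("redirect_uri"),
        "scopes": sorted(scopes),
        "findings": findings,
    }


def parse_callback(url, expected_state):
    """Extract the authorization grant (code) delivered to redirect_uri,
    refusing it unless state matches the session that started the flow."""
    q = _query(url)
    if q.get("state") != expected_state:
        raise ValueError("state mismatch: grant does not belong to this session")
    if "error" in q:
        raise ValueError(f"authorization failed: {q['error']}")
    return q["code"]


if __name__ == "__main__":
    # Constructed phishing link: legitimate IdP host, an unknown app, a
    # redirect to the attacker's server and mailbox-wide, persistent access.
    lure = build_authorize_url(
        client_id="00000000-0000-0000-0000-00000000abcd",   # hypothetical
        redirect_uri="https://mail-sync.example.net/cb",     # hypothetical
        scopes=["openid", "offline_access", "Mail.ReadWrite"],
        state="s3ss10n",
    )
    report = triage_authorize_url(lure, {"11111111-1111-1111-1111-111111111111"},
                                  {"contoso.com"})
    for finding in report["findings"]:
        print("-", finding)
    print("grant:", parse_callback(
        "https://mail-sync.example.net/cb?code=AUTHCODE123&state=s3ss10n", "s3ss10n"))
```

Note that the lure passes the host check: the victim really is sent to login.microsoftonline.com, which is why a URL blocklist does nothing against this class of phishing. The findings that matter are the unknown client_id, the redirect to a host outside the organisation, and `offline_access` combined with `Mail.ReadWrite`, which gives the attacker's application a refresh token and full mailbox access after a single click on "Accept".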
Access token: Application -> Authorization server: authorization grant; Authorization server -> Application: access token
JWT
JWT = eyJ0eXAiOiJKV1QiLCJhbGciOiJub25lIn0.eyJhdWQiOiIyZDRkMTFhMi1mODE0LTQ2YTctODkwYS0yNzRhNzJhNzMwOWUiLCJpc3MiOiJodHRwczovL3N0cy53aW5kb3dzLm5ldC83ZmU4MTQ0Ny1kYTU3LTQzODUtYmVjYi02ZGU1N2YyMTQ3N2UvIiwiaWF0IjoxMzg4NDQwODYzLCJuYmYiOjEzODg0NDA4NjMsImV4cCI6MTM4ODQ0NDc2MywidmVyIjoiMS4wIiwidGlkIjoiN2ZlODE0NDctZGE1Ny00Mzg1LWJlY2ItNmRlNTdmMjE0NzdlIiwib2lkIjoiNjgzODlhZTItNjJmYS00YjE4LTkxZmUtNTNkZDEwOWQ3NGY1IiwidXBuIjoiZnJhbmttQGNvbnRvc28uY29tIiwidW5pcXVlX25hbWUiOiJmcmFua21AY29udG9zby5jb20iLCJzdWIiOiJKV3ZZZENXUGhobHBTMVpzZjd5WVV4U2hVd3RVbTV5elBtd18talgzZkhZIiwiZmFtaWx5X25hbWUiOiJNaWxsZXIiLCJnaXZlbl9uYW1lIjoiRnJhbmsifQ.iwidW5pcXVlX25hbWUiOiJmcmFua21
JWT = base64url(header) . base64url(payload) . base64url(signature)
Header = {"typ","nonce","alg","x5t","kid"}
Payload = {"aud":"https://graph.microsoft.com","iss","iat","nbf","exp","acr","aio","amr","app_displayname","appid","appidacr","family_name","given_name","ipaddr","name","oid","onprem_sid","platf","puid","scp","sub","tid","unique_name","upn","uti","ver"}
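The slide shows the token as an opaque blob plus a list of claim names. The following is an added example, not code from the talk, that decodes the exact token printed on the slide (joined back into one string) and lists what an investigator reads off it: which tenant and user it was issued for (`tid`, `upn`), which application the user consented to and with which scopes (`appid`, `scp`, absent from this particular sample), and the reasons a resource server has to reject it before it even reaches signature verification. Note that the sample's header says `"alg":"none"`, so nothing about it is authenticated; the third segment on the slide is not a real signature. The `expected_aud` value and the fixed `now` timestamp used in the usage block are chosen for illustration.

```python
"""Decode the access token from the slide and list the reasons it must not
be accepted as-is.  Added example, not from the talk; the token is the one
printed on the slide, joined back into a single string."""
import base64
import json
import time

SLIDE_JWT = (
    "eyJ0eXAiOiJKV1QiLCJhbGciOiJub25lIn0."
    "eyJhdWQiOiIyZDRkMTFhMi1mODE0LTQ2Y"
    "TctODkwYS0yNzRhNzJhNzMwOWUiLCJpc3MiOiJodHRwczovL3N0cy53aW5kb3dzLm"
    "5ldC83ZmU4MTQ0Ny1kYTU3LTQzODUtYmVjYi02ZGU1N2YyMTQ3N2UvIiwiaWF0Ijo"
    "xMzg4NDQwODYzLCJuYmYiOjEzODg0NDA4NjMsImV4cCI6MTM4ODQ0NDc2Mywid"
    "mVyIjoiMS4wIiwidGlkIjoiN2ZlODE0NDctZGE1Ny00Mzg1LWJlY2ItNmRlNTdmMjE0Nzd"
    "lIiwib2lkIjoiNjgzODlhZTItNjJmYS00YjE4LTkxZmUtNTNkZDEwOWQ3NGY1IiwidXBuIjoi"
    "ZnJhbmttQGNvbnRvc28uY29tIiwidW5pcXVlX25hbWUiOiJmcmFua21AY29udG9zby5j"
    "b20iLCJzdWIiOiJKV3ZZZENXUGhobHBTMVpzZjd5WVV4U2hVd3RVbTV5elBtd18talg"
    "zZkhZIiwiZmFtaWx5X25hbWUiOiJNaWxsZXIiLCJnaXZlbl9uYW1lIjoiRnJhbmsifQ."
    "iwidW5pcXVlX25hbWUiOiJmcmFua21"
)


def b64url_decode(segment):
    """JWT segments are base64url without '=' padding; restore it first."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def decode_jwt(token):
    """Split a compact JWT into (header, payload, raw signature segment).
    This only parses; it verifies nothing."""
    header_b64, payload_b64, signature_b64 = token.split(".")
    return (json.loads(b64url_decode(header_b64)),
            json.loads(b64url_decode(payload_b64)),
            signature_b64)


def inspect_token(token, expected_aud, now=None):
    """Pull out the claims an investigator needs (who, which tenant, which
    app, which scopes) and the reasons a resource server must reject the
    token before it ever looks at the signature."""
    now = time.time() if now is None else now
    header, payload, signature = decode_jwt(token)
    problems = []
    if str(header.get("alg", "none")).lower() == "none":
        problems.append("alg=none: token is unsigned")
    elif not signature:
        problems.append("signed alg but empty signature")
    if payload.get("aud") != expected_aud:
        problems.append("aud is not this resource server")
    if payload.get("exp", 0) <= now:
        problems.append("expired")
    if payload.get("nbf", 0) > now:
        problems.append("not yet valid")
    return {
        "alg": header.get("alg"),
        "kid": header.get("kid"),       # which issuer key would verify a real signature
        "iss": payload.get("iss"),
        "tid": payload.get("tid"),
        "upn": payload.get("upn"),
        "appid": payload.get("appid"),  # the application the user consented to
        "scp": payload.get("scp"),      # the scopes that consent granted
        "problems": problems,
    }


if __name__ == "__main__":
    header, payload, _ = decode_jwt(SLIDE_JWT)
    print(json.dumps(header))
    print(json.dumps(payload, indent=2))
    # Evaluate inside the token's own validity window (nbf 1388440863,
    # exp 1388444763) so only the structural faults show up, not "expired".
    print(inspect_token(SLIDE_JWT, "https://graph.microsoft.com", now=1388440900))
```

The decoder deliberately stops at parsing. Accepting a token means fetching the issuer's signing key by `kid`, verifying the signature with the algorithm the resource server expects (never the one the token names, and never `none`), and then checking `aud`, `exp` and `nbf`; a library that skips any of those steps turns the payload into attacker-controlled input. In an OAuth phishing case the interesting claims are `appid` and `scp`: they name the application the victim consented to and the permissions it holds, which is exactly what has to be revoked.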
Revoking
Questions?
References:
- https://tools.ietf.org/html/rfc6749
- https://msdn.microsoft.com/en-us/office/office365/api/mail-rest-operations
- https://docs.microsoft.com/en-us/outlook/rest/node-tutorial#using-the-mail-api
- https://www.elevenpaths.com/new-ransomcloud-o365-report/index.html