Yevhen Teleshyk - OAuth Phishing
OWASP Kyiv
March 04, 2018
Transcript
Yevhen Teleshyk: Phishing Threats to Cloud Users
Phishing
- spear phishing
- clone phishing
- whaling
OAuth2 abstract flow (diagram): the roles are the Application, Authorization server, Resource server and Resource owner; the messages exchanged are the Authorization request, Authorization grant, Access token and Protected resource.
Registration
Authorization request (Application -> Resource owner):
https://login.microsoftonline.com/common/oauth2/v2.0/authorize?response_type=code&client_id={}&redirect_uri={}&scope={}
Scopes
Authorization grant
OAuth2 token issuance (diagram): Application, Authorization server, Access token.
JWT
(the slide shows a sample Microsoft access token; the raw token is omitted here)
JWT = base64(header.payload.signature)
Header = {"typ","nonce","alg","x5t","kid"}
Payload = {"aud":"https://graph.microsoft.com","iss","iat","nbf","exp","acr","aio","amr","app_displayname","appid","appidacr","family_name","given_name","ipaddr","name","oid","onprem_sid","platf","puid","scp","sub","tid","unique_name","upn","uti","ver"}
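The following Python is an added example, not code from the deck: it decodes the header and payload of a token laid out like the slide's claim list and reports which application (app_displayname, appid) was granted which scopes (scp) for which user (upn), which is what a defender reviews when checking a consent grant after a suspected OAuth phishing mail. The sample token, application name, appid, scope values and the SENSITIVE_SCOPES set are constructed for illustration; no signature is verified.

```python
import base64
import json
import time

# Scopes a reviewer would flag in a consent grant (illustrative choice, not from the deck).
SENSITIVE_SCOPES = {"Mail.Read", "Mail.ReadWrite", "Mail.Send", "Files.ReadWrite.All"}

def _b64url(data: bytes) -> str:
    """base64url-encode without the '=' padding, as JWT segments are."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def build_token(header: dict, payload: dict, signature: str = "placeholder-sig") -> str:
    """Assemble header.payload.signature; the signature is a placeholder because
    this example inspects claims only and never verifies a token."""
    return ".".join([_b64url(json.dumps(header).encode()),
                     _b64url(json.dumps(payload).encode()), signature])

def decode_segment(segment: str) -> dict:
    """Decode one base64url segment, restoring the padding that JWTs strip."""
    return json.loads(base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4)))

def inspect_token(token: str, now=None) -> dict:
    """Summarise who granted what to which app. No signature check is done, so the
    result is for triage (which app, which scopes, which user), not for trust."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected three dot-separated segments")
    header, payload = decode_segment(parts[0]), decode_segment(parts[1])
    scopes = payload.get("scp", "").split()
    now = time.time() if now is None else now
    return {
        "unsigned": str(header.get("alg", "")).lower() == "none",  # alg=none: reject
        "app": payload.get("app_displayname"),
        "appid": payload.get("appid"),  # the app registration to revoke consent for
        "user": payload.get("upn"),
        "audience": payload.get("aud"),
        "scopes": scopes,
        "sensitive_scopes": sorted(s for s in scopes if s in SENSITIVE_SCOPES),
        "expired": now > payload.get("exp", 0),
    }

# Constructed sample: claim names follow the slide's header/payload list; values are made up.
SAMPLE_HEADER = {"typ": "JWT", "alg": "RS256", "x5t": "placeholder", "kid": "placeholder"}
SAMPLE_PAYLOAD = {"aud": "https://graph.microsoft.com", "iat": 1388440863, "nbf": 1388440863,
                  "exp": 1388444763, "ver": "1.0", "appid": "11111111-1111-1111-1111-111111111111",
                  "app_displayname": "Mailbox Helper", "scp": "Mail.Read Mail.Send User.Read",
                  "upn": "alice@example.com"}
SAMPLE_JWT = build_token(SAMPLE_HEADER, SAMPLE_PAYLOAD)
```

Running inspect_token(SAMPLE_JWT) shows the constructed "Mailbox Helper" app holding Mail.Read and Mail.Send for alice@example.com, the pair of facts (appid and scopes) needed before revoking the grant.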
Revoking
Questions?
References:
• https://tools.ietf.org/html/rfc6749
• https://msdn.microsoft.com/en-us/office/office365/api/mail-rest-operations
• https://docs.microsoft.com/en-us/outlook/rest/node-tutorial#using-the-mail-api
• https://www.elevenpaths.com/new-ransomcloud-o365-report/index.html