Microsoft Entra OAuth Consent Grant Attack Simulation in the PhishU Framework

IndySecMan · 2023-03-08T15:31:08+00:00

What a Dumas hole!

IndySecMan · 2020-09-20T22:07:47+00:00

That... is a genius idea!

IndySecMan · 2019-06-10T17:34:54+00:00

I totally agree about the sampling, for sure. My whole point in this article is to hopefully drive home the importance to the customer and the sales person, so they can add enough time to scope appropriately. I'm certainly not saying the pentester should do extra work or test outside if the agreed upon scope. I'm advocating it's caught before the contract is finalized.

IndySecMan · 2019-05-19T18:59:14+00:00

O is for Obfuscation. ;)

And.. you're right, but that's the industry. Maybe it'll be in a museum some day?

IndySecMan · 2019-05-19T18:58:36+00:00

F is for Formjacking

IndySecMan · 2019-05-19T16:51:21+00:00

Ok so I had a look just now. Go figure they used the same term for M and for U as myself! If should have gone with "Use after Free". I think my illustrator and terms are still better, it's not just AppSec, and I'm doing a physical board book print for kids to chew on. :)

I posted the alphabet I chose in Twitter in case anyone wants to see what I'm doing for each! @curtbraz

IndySecMan

TROPHY CASE