access-token-manipulation
Google Whistles While OAuth Burns — ‘MultiLogin’ 0-Day is 70+ Days Old
Richi Jennings | access-token-manipulation, authentication token, Business Associate Agreements, Chrome, chrome 0-day, chrome phishing, Chrome Security, Chromium, Chromium-Based Browsers, Federated Identity, federated sso, google, Google Account, google account security, Google Advanced Protection, infostealer, infostealers, OAuth, oauth 2.0, oauth abuse, Oauth Application Abuse, oauth refresh token, OAuth Token Vunerability, Prisma, Protecting OAuth Tokens, SB Blogwatch, securing oauth
What a Mickey Mouse operation: Infostealer scrotes having a field day with unpatched vulnerability ...
Security Boulevard
On Detection: Tactical to Functional
Jared Atkinson | access-token-manipulation, Detection, detection-engineering, Infosec, MITRE ATTACK
Part 3: Expanding the Function Call Graph. Introduction. In the previous post in this series, I introduced the concept of operations and demonstrated how each operation has a function call graph that undergirds it. In ...