Duckbill

Microsoft OAuth Device Flow Phishing

Casting into the Current Microsoft OAuth Device Flow Phishing Overview As an educational exercise aimed at exploring some of the nuances of automating and understanding Azure/M365 OAuth-related attacks, particularly device code phishing and illicit consent grant attacks, a custom lab was built. This simulated environment consisted of a Flask application, an Azure Registered Web application, …

Microsoft OAuth Device Flow Phishing Read More »

AI-Driven JavaScript Obfuscation of a HTML redirector

AI-Driven JavaScript Obfuscation of a HTML redirector Introduction This article details utilizing an AI model, specifically OpenAI’s ChatGPT, to create a Python script to generate an HTML document capable of redirecting to a specified URL with a designated title, incorporating simple but effective JavaScript obfuscation. What is a HTML redirector? In this post, we refer …

AI-Driven JavaScript Obfuscation of a HTML redirector Read More »

FIDO2 vs Evilginx

FIDO2 vs Evilginx Introduction This blog is about keeping Microsoft 365 user accounts safer from phishing attacks, specifically from those sneaky reverse proxy moves that bad actors use to get around multi-factor authentication (MFA). We’re going to tackle this by setting up FIDO2. First off, we’ll walk through the reverse proxy phishing lab environment which …

FIDO2 vs Evilginx Read More »

Discord webhook

Harvesting and exfiltrating data with Discord webhooks Introduction The rich functionality available in Discord unfortunately can be abused by malicious actors. This brief blog post provides some simple but practical examples of how webhooks can be easily misused and helps demonstrate why it is one of the most commonly abused features of the platform. Discord …

Discord webhook Read More »

PDF Smuggling

PDF smuggling Using HTML smuggling to create malicious PDFs PDF documents can be weaponised by attackers in many different ways to perform malicious actions, such as delivering malware or harvest user credentials. PDF viewers implement various measures to prevent and mitigate risks associated with malicious PDFs including security warnings, sandboxing, patching vulnerabilities, restricting JavaScript, and …

PDF Smuggling Read More »