microsoft

6 posts tagged with "microsoft"

Device Code Phishing Campaign — Infrastructure Update

Mar 18, 2026

A follow-up investigation mapping 1,337 phishing URLs across 326 workers.dev hostnames, confirming a PhaaS multi-tenant architecture, encrypted client-side payloads, and new lure variants targeting Adobe, DocuSign, and Outlook branding.

Threat Hunting entra microsoft threat hunting

Uncovering a New Device Code Phishing Campaign

Mar 10, 2026

Uncovering a phishing campaign abusing Microsoft Device Code Authentication and Cloudflare Worker Pages, with detection hunts for Entra and Microsoft 365.

Threat Hunting entra microsoft threat hunting

ConsentFix: A New way to Phish for Tokens

Dec 17, 2025

A look at a new phishing campaign, ConsentFix which utilises click-fix style techniques to steal auth tokens.

Threat Hunting entra microsoft threat hunting

Microsoft Entra Token Theft - Part One: Offline Access and Conditional Access

Dec 12, 2025

A walkthrough of different Token Theft Scenarios with Detections

Threat Hunting entra microsoft threat hunting

Detecting Abuse of VSCode Remote Tunnels

Jan 16, 2025

Detecting abuse of VSCode Remote Tunnels for C2 and persistence by threat actors

Threat Hunting vscode remote tunnels detection

Microsoft Dev Tunnels: Tunnelling C2 and More

Nov 13, 2024

How threat actors abuse Microsoft Dev Tunnels for C2 communication and detection strategies

Pen Testing Threat Hunting dev tunnels c2 microsoft