Security enthusiasts and professionals are turning their focus towards a new angle on phishing attacks in the identity and access management space. During the "Offensive Entra ID (Azure AD) and Hybrid AD Security" training, a clever demonstration showcased how a modified Evilginx phishlet could enable adversary-in-the-middle (AiTM) phishing to directly extract access and refresh tokens. [...]

The post "Hackers Exploit OAuth 2.0 Code Flow Using AiTM Attack on Microsoft Azure AD" appeared first on GBHackers Security. First seen on gbhackers.com. Jump to article: gbhackers.com/hackers-exploit-oauth-2-0-code-flow/

