SquarePhish 2.0 - Turning QRCodes into Single Sign On Primary Refresh Tokens - Nevada and Kam

Описание: Abstract:

SquarePhish is an advanced phishing tool that uses a technique combining the OAuth 2.0 Device Code Authentication Flow and QR codes. Version 2.0 of the tool introduces phishing for Primary Refresh Tokens — Microsoft’s Single Sign-On token. This token gives attackers broad access to Microsoft cloud resources.

In the demo, we will cover QR codes, Device Code OAuth 2.0 Flow, FOCI tokens, Primary Refresh Tokens, and putting it all together for advanced phishing attacks. The intent of our tool is to give red teamers and organizations a way to test detection and prevention capabilities.