Red Canary Office Hours: Episode 29 – Uncovering OAuth threats: Detecting malicious Azure phishing campaigns
This week, Keith and Dave are joined by Red Canary Threat Hunters Alex Walston and Harrison Koll from our Intelligence Operations team.
Alex and Harrison share the basics of OAuth, and the story of a malicious Azure application used to launch phishing campaigns from within the organization.
They then share how Red Canary detects these using available signals from Azure audit logs, Microsoft Defender signals, and more.
Resources mentioned in this episode:
Requests? Questions? Send us an email: officehours@redcanary.com
Join us every Tuesday at 1PM ET for fresh insights from the front lines and unfiltered takes on the biggest cybersecurity news and trends. Sign up now.
Related Resources
Red Canary Office Hours: Episode 30 – Top threats in July – Patterns, precursors and evolving malware tools
Red Canary Office Hours: Episode 30 – Top threats in July – Patterns, precursors and evolving malware tools
Intelligence Insights: August 2025
Intelligence Insights: August 2025
Patching for persistence: How DripDropper Linux malware moves through the cloud
Patching for persistence: How DripDropper Linux malware moves through the cloud
Red Canary Office Hours: Episode 28 – Model Context Protocol (MCP) and the threat landscape for AI workflows
Red Canary Office Hours: Episode 28 – Model Context Protocol (MCP) and the threat landscape for AI workflows