Red Canary Office Hours: Episode 29 – Uncovering OAuth threats: Detecting malicious Azure phishing campaigns
This week, Keith and Dave are joined by Red Canary Threat Hunters Alex Walston and Harrison Koll from our Intelligence Operations team.
Alex and Harrison share the basics of OAuth, and the story of a malicious Azure application used to launch phishing campaigns from within the organization.
They then share how Red Canary detects these using available signals from Azure audit logs, Microsoft Defender signals, and more.
Resources mentioned in this episode:
Requests? Questions? Send us an email: officehours@redcanary.com
Join us every Tuesday at 1PM ET for fresh insights from the front lines and unfiltered takes on the biggest cybersecurity news and trends. Sign up now.
Related Resources
Red Canary Office Hours: Episode 33 – What are the most effective cybersecurity controls?
Red Canary Office Hours: Episode 33 – What are the most effective cybersecurity controls?
Combatting modern social engineering threats
Combatting modern social engineering threats
You’re invited: Four phishing lures in campaigns dropping RMM tools
You’re invited: Four phishing lures in campaigns dropping RMM tools
Red Canary Office Hours: Episode 32 – NPM compromise, cybersecurity job market, and more
Red Canary Office Hours: Episode 32 – NPM compromise, cybersecurity job market, and more