Skip Navigation
Get a Demo
 
Share
 
 
 
 
 
 
 
 
Resources Videos
Threat intelligence

Red Canary Office Hours: Episode 29 – Uncovering OAuth threats: Detecting malicious Azure phishing campaigns

Air Date: August 19, 2025

Detecting malicious Azure phishing campaigns

Threat Hunters Alex Walston and Harrison Koll from our Intelligence Operations team join Office Hours. They share with us the basics of OAuth, and share the story of a malicious Azure application used to launch phishing campaigns from within the organization.

They then share how we detect these using available signals from Azure audit logs, Microsoft Defender signals, and more.

View the video
Episode 29: Uncovering OAuth threats
Resources mentioned in this episode
External resource
Azure OAuth registration settings
External resource
How-to on managing OAuth apps
Related Resources
Red Canary Office Hours: Episode 48 – How SOCs defend against AI-powered attacks
Videos| Security operations
Red Canary Office Hours: Episode 48 – How SOCs defend against AI-powered attacks
Red Canary Office Hours: Episode 47 – Fundamentals of building AI agent workflows in the SOC
Videos| Security operations
Red Canary Office Hours: Episode 47 – Fundamentals of building AI agent workflows in the SOC
Red Canary Office Hours: Episode 46 – Strengthening app control in the new year
Videos| Security operations
Red Canary Office Hours: Episode 46 – Strengthening app control in the new year
Red Canary Office Hours: Episode 45 – Unwrapping the mysteries of Shai Hulud
Videos| Security operations
Red Canary Office Hours: Episode 45 – Unwrapping the mysteries of Shai Hulud
 

See Red Canary in action

Watch the 10-minute demo now.
Watch the demo

Security gaps? We got you.

Sign up for our monthly email newsletter for expert insights on MDR, threat intel, and security ops—straight to your inbox.

 
 
 
 
Back to Top