Security operations

Red Canary SecOps Weekly: Episode 53 – Who invited them? Preventing OAuth consent grant attacks

SecOps Weekly | 02.24.26

Preventing OAuth consent grant attacks

Principal Threat Researcher Matt Graeber on how to observe and mitigate suspicious Entra app consent through app governance.

SHOW NOTES

Principal Threat Researcher Matt Graeber discusses OAuth consent grant attacks, in which adversaries register malicious applications that mimic legitimate services such as ChatGPT and trick users into granting them excessive permissions.

The discussion covers how these attacks work, the importance of app governance in managing the explosion of generative AI applications, and detection strategies using Entra ID audit logs.

Key topics include distinguishing between legitimate and malicious applications, the risks of uncontrolled app consent, and a recent evolution in which adversaries abuse legitimate first-party applications that use localhost redirect URIs. The conversation emphasizes the need for proper optics, detection capabilities, and automated remediation to combat these social-engineering-driven threats that exploit OAuth consent mechanisms.
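To make the detection angle concrete, the following is an added example (not code from the episode, Red Canary or Microsoft) that triages Entra ID "Consent to application" audit events for the pattern described above: an end user granting mailbox or file scopes to an unvetted app whose display name borrows a well-known brand. The three records are constructed to follow the shape of Entra ID directory audit records as returned by Microsoft Graph (auditLogs/directoryAudits), where consent events carry "ConsentContext.IsAdminConsent" and "ConsentAction.Permissions" in targetResources[].modifiedProperties and the granted scopes sit in the "Scope:" field of the latter; the allowlist of service principal object IDs and the brand list are hypothetical tenant-specific tuning. It covers the consent grant case only, not the first-party localhost redirect URI variant, which does not produce a new consent event.

```python
"""Triage Entra ID "Consent to application" audit events for risky app consent.

Added example; not Red Canary's or Microsoft's code. Record shape follows the
Graph directoryAudits schema, but treat the exact values as constructed.
"""
import json
import re

# Delegated Graph scopes that hand a third-party app mailbox or file access.
HIGH_RISK_SCOPES = {
    "Mail.Read", "Mail.ReadWrite", "Mail.Send", "MailboxSettings.ReadWrite",
    "Files.Read.All", "Files.ReadWrite.All", "Sites.Read.All", "Contacts.Read",
}
# Brands that impersonating apps commonly borrow for their display name.
WATCHED_BRANDS = ("chatgpt", "openai", "microsoft", "adobe", "docusign")
# Hypothetical: object IDs (targetResources[].id) of service principals already vetted.
KNOWN_GOOD_SP_IDS = {"11111111-1111-1111-1111-111111111111"}


def _consent_event(upn, app_name, sp_id, is_admin, scopes):
    """Build one constructed audit record carrying the fields the triage reads."""
    perms = (f"[] => [[Id: grant-{sp_id[:8]}, ClientId: {sp_id}, PrincipalId: , "
             f"ResourceId: graph-sp, ConsentType: {'AllPrincipals' if is_admin else 'Principal'}, "
             f"Scope: {' '.join(scopes)}, CreatedDateTime: , ExpiryTime: ]]")
    return {
        "activityDisplayName": "Consent to application",
        "category": "ApplicationManagement",
        "result": "success",
        "initiatedBy": {"user": {"userPrincipalName": upn}},
        "targetResources": [{
            "type": "ServicePrincipal", "id": sp_id, "displayName": app_name,
            "modifiedProperties": [
                # newValue is a JSON-encoded string in the real records, hence json.dumps.
                {"displayName": "ConsentContext.IsAdminConsent",
                 "oldValue": None, "newValue": json.dumps(str(is_admin))},
                {"displayName": "ConsentAction.Permissions",
                 "oldValue": None, "newValue": json.dumps(perms)},
            ],
        }],
    }


# Constructed sample: a lookalike "ChatGPT" app, a vetted line-of-business app,
# and an admin-consented app with broad file access.
SAMPLE_AUDIT_RECORDS = [
    _consent_event("alice@contoso.example", "ChatGPT", "33333333-3333-3333-3333-333333333333",
                   False, ["openid", "profile", "User.Read", "Mail.Read", "Mail.Send", "offline_access"]),
    _consent_event("bob@contoso.example", "Contoso Timesheets", "11111111-1111-1111-1111-111111111111",
                   False, ["openid", "profile", "User.Read"]),
    _consent_event("itadmin@contoso.example", "Adobe Acrobat", "44444444-4444-4444-4444-444444444444",
                   True, ["Files.ReadWrite.All"]),
]


def _modified_property(target, name):
    """Return the JSON-decoded newValue of one modifiedProperties entry, or None."""
    for prop in target.get("modifiedProperties", []):
        if prop.get("displayName") == name and prop.get("newValue") is not None:
            return json.loads(prop["newValue"])
    return None


def parse_consent(record):
    """Extract who consented, to which service principal, with which scopes."""
    if record.get("activityDisplayName") != "Consent to application" or record.get("result") != "success":
        return None
    target = next((t for t in record.get("targetResources", []) if t.get("type") == "ServicePrincipal"), None)
    if target is None:
        return None
    perms = _modified_property(target, "ConsentAction.Permissions") or ""
    match = re.search(r"Scope:\s*([^,\]]*)", perms)  # scopes are space-separated up to the next comma
    is_admin = str(_modified_property(target, "ConsentContext.IsAdminConsent")).lower() == "true"
    return {
        "user": record.get("initiatedBy", {}).get("user", {}).get("userPrincipalName"),
        "app_name": target.get("displayName", ""),
        "sp_id": target.get("id"),
        "is_admin_consent": is_admin,
        "scopes": sorted(match.group(1).split()) if match else [],
    }


def triage(record):
    """Score one consent event: high for risky end-user consent, medium for risky admin consent."""
    consent = parse_consent(record)
    if consent is None:
        return None
    trusted = consent["sp_id"] in KNOWN_GOOD_SP_IDS
    risky = sorted(set(consent["scopes"]) & HIGH_RISK_SCOPES)
    brand = next((b for b in WATCHED_BRANDS if b in consent["app_name"].lower()), None)
    reasons = []
    if not trusted and risky:
        reasons.append("high-risk scopes granted to unvetted app: " + ", ".join(risky))
    if not trusted and brand:
        reasons.append(f"display name borrows watched brand '{brand}' but service principal is not allowlisted")
    if reasons and not consent["is_admin_consent"]:
        reasons.append("granted through end-user consent, not admin consent")
    severity = "info" if not reasons else ("high" if not consent["is_admin_consent"] else "medium")
    return {**consent, "severity": severity, "reasons": reasons}


def triage_all(records):
    """Triage a batch; highest severity first (sorted is stable, so input order is kept within a tier)."""
    order = {"high": 0, "medium": 1, "info": 2}
    results = [r for r in (triage(rec) for rec in records) if r]
    return sorted(results, key=lambda r: order[r["severity"]])


if __name__ == "__main__":
    for finding in triage_all(SAMPLE_AUDIT_RECORDS):
        print(f"[{finding['severity']:6}] {finding['user']} -> {finding['app_name']} ({', '.join(finding['scopes'])})")
        for reason in finding["reasons"]:
            print("         -", reason)
```

Feeding it real exports is a matter of replacing SAMPLE_AUDIT_RECORDS with the JSON returned by Graph; the allowlist is what turns this from noise into signal, which is exactly the inventory app governance is meant to give you.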

Timestamps:

  • 01:05 – Welcome to SecOps Weekly!
  • 01:27 – Who invited them? Preventing OAuth consent grant attacks
  • 04:22 – Why are we talking about this?
  • 06:33 – App consent threats/risks
  • 09:32 – Case study: Is this ChatGPT app legit?
  • 27:22 – How to respond to app consent threats
  • 29:42 – How are adversaries evolving?
