Threat Hunters Alex Walston and Harrison Koll from our Intelligence Operations team join Office Hours. They share with us the basics of OAuth, and share the story of a malicious Azure application used to launch phishing campaigns from within the organization.
They then share how we detect these using available signals from Azure audit logs, Microsoft Defender signals, and more.
View the video