In a recent blog post, security researcher Rik van Duijn shared an innovative take on phishing techniques targeting Microsoft Entra ID (formerly Azure Active Directory) environments. Inspired by a demo from the “Offensive Entra ID (Azure AD) and Hybrid AD Security” training by Dirk-jan, Duijn described how a modified EvilGinx phishing tool enables attackers to … Continue reading Microsoft Azure AD Hit by AiTM Attack Exploiting OAuth 2.0 Code Flow