Session

Navigating the Perils: The Precarious Depths of Device Code Phishing in Azure AD

Multi-factor authentication, even when based on WebAuthn, won’t protect you from device code phishing attacks. These attacks therefore pose a significant risk within the Microsoft 365 (M365) ecosystem. This sophisticated form of cyber-attack involves malicious actors attempting to trick users into revealing their access tokens for M365 services such as Office 365, Teams, or SharePoint Online.

Successful adversaries can hijack Azure AD user accounts, compromising emails, documents, and potentially sensitive corporate data. The consequences can be severe, including unauthorised data access, data breaches, identity theft, financial loss, reputational damage, and even regulatory non-compliance.

To mitigate these risks, it is critical to implement strong conditional access policies, regular security awareness training, and vigilant monitoring of suspicious activity within the M365 environment.

Felix will walk you through the nifty details of the attack, demonstrate a piece of custom Compass middleware that simplifies the execution of device code phishing exercises, and discuss the limits of common mitigations.

About the speaker

Felix Aeppli

Security Analyst at Compass Security (Schweiz)

Felix Aeppli is a Security Analyst at Compass, a passionate Penetration Tester and Red Teamer. With a career spanning 15 years in cybersecurity, Felix has established himself as a professional in the cybersecurity industry. Felix’s background in network and systems security engineering, combined with his attention to detail, allows him to distinguish academic vulnerabilities from serious ones and guide clients with effective mitigation strategies. With a passion for staying ahead of emerging threats, Felix enjoys constantly honing his skills and keeping abreast of the latest industry trends.
Copyright © 2025 Swiss Cyber Storm