Microsoft 365 AiTM Defense
AiTM phishing, what actually happens, and what breaks each step
The attack in plain English, mapped to ATT&CK, and which defensive control kills which step. Read this before …
LinkedIn AiTM Defense
Controls that break LinkedIn AiTM. FIDO2, CASB, and the ones that do not work
FIDO2 makes the attack structurally impossible. CASB session policies catch the rest. Password managers, security awareness, and SSO …
Microsoft 365 OAuth Consent Defense
Why Conditional Access will not stop OAuth consent attacks (and what will)
CA gates sign-in. Consent happens after sign-in. Real prevention lives in three Entra ID consent-framework settings most established …
Microsoft 365 Device Code Defense
Blocking device code phishing in Microsoft 365, the CA policy that closes the flow
One Conditional Access policy blocks the entire device code flow. Most tenants have never deployed it. Here is …