Microsoft 365 OAuth Consent Defense
OAuth consent phishing against Microsoft 365 — what happens when no password is stolen
The attacker registers an app in their own tenant, tricks a user into clicking Accept, and gets Microsoft-signed …
Overview / Threat Model
12 min