Token-Theft
Lessons from the field. Always landing on my feet.
2 posts
Block Device Code Phishing in Entra Without Breaking Legit Workflows

Device code phishing is nasty because the user does not hand over a password. They hand over a session. The lure sends the victim to a legitimate Microsoft device sign-in page. The victim enters a short code. Entra ID issues tokens to the attacker's …
Detecting Infostealer Session Hijacking with Microsoft Sentinel

Nearly 70% of incidents in the Americas now begin with stolen or misused accounts. Infostealers are the engine behind that number — families like Lumma, RedLine, and Vidar export browser cookies and session tokens directly from the victim's machine, …

