SSO

5 articles

Email hijacking via OAuth

Email hijacking via OAuth

How attackers gain access to corporate services without stealing passwords or cookies: we’re analyzing the Shadow Token via Remote Debug technique used in ToddyCat APT attacks.