ROOTCON 19 was held September 24, 25 & 26, 2025
Royce Hotel & Casino, Clark, Pampanga


Two Devices Walk into Azure… One’s a Phish

Date: September 25, 2025 (GMT +8)

Time: 11:00

TRACK 1
SPEEDTALK

Phishing has moved beyond fake logins and credential harvesting—today the real prize is token theft. In this talk, we’ll take a practical “HOW TO” approach to show how attackers exploit OAuth 2.0 and Microsoft Entra ID, focusing on the Device Authorization Flow to bypass MFA and expand access across Microsoft services. We’ll trace real-world attack paths—user enumeration, internal phishing, privilege escalation—and show how refresh tokens can not only provide extended access, but also enable privilege escalation in Azure environments. Expect practical demos, post-exploitation insights, and Entra ID defenses to help teams fight back against this new wave of OAuth phishing.
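The abstract's defensive angle (Entra ID defenses against device code phishing) invites a concrete detection check. The following Python script is an added example, not material from the talk or from Pentera: it scans sign-in records for uses of the OAuth 2.0 device authorization flow and rates each one against the user's normal sign-in IPs. It assumes records shaped like the Microsoft Graph `signIn` resource (`userPrincipalName`, `authenticationProtocol`, `ipAddress`, `appDisplayName`, `createdDateTime`), where device code sign-ins carry `authenticationProtocol: deviceCode`; confirm those field values against your own tenant's exported logs. All sample records are constructed.

```python
"""Flag Microsoft Entra ID sign-ins that used the device authorization flow.

Added example (not from the talk). Record shape follows the Microsoft Graph
`signIn` resource; the sample records below are constructed, not real logs.
"""
from collections import defaultdict

# Constructed sample sign-in records. Documentation/test IPs only.
SAMPLE_SIGNINS = [
    {"createdDateTime": "2025-09-20T08:01:00Z", "userPrincipalName": "alice@example.com",
     "authenticationProtocol": "oAuth2", "ipAddress": "203.0.113.10",
     "appDisplayName": "Microsoft Teams"},
    {"createdDateTime": "2025-09-21T09:30:00Z", "userPrincipalName": "alice@example.com",
     "authenticationProtocol": "oAuth2", "ipAddress": "203.0.113.10",
     "appDisplayName": "Office 365 Exchange Online"},
    {"createdDateTime": "2025-09-22T10:15:00Z", "userPrincipalName": "bob@example.com",
     "authenticationProtocol": "oAuth2", "ipAddress": "203.0.113.22",
     "appDisplayName": "Azure Portal"},
    # bob ran a device-code login from the same workstation he always uses
    {"createdDateTime": "2025-09-23T09:00:00Z", "userPrincipalName": "bob@example.com",
     "authenticationProtocol": "deviceCode", "ipAddress": "203.0.113.22",
     "appDisplayName": "Microsoft Azure CLI"},
    # alice's device-code login completed from an IP never seen for her before
    {"createdDateTime": "2025-09-24T13:12:00Z", "userPrincipalName": "alice@example.com",
     "authenticationProtocol": "deviceCode", "ipAddress": "198.51.100.7",
     "appDisplayName": "Microsoft Office"},
]


def device_code_signins(records):
    """Return only the sign-ins that completed via the device authorization flow."""
    return [r for r in records if r.get("authenticationProtocol") == "deviceCode"]


def baseline_ips(records):
    """Map each user to the IPs seen in their non-device-code sign-ins.

    Those sign-ins went through the normal interactive flow, so they are a
    reasonable baseline for "where this user usually signs in from".
    """
    seen = defaultdict(set)
    for r in records:
        if r.get("authenticationProtocol") != "deviceCode":
            seen[r["userPrincipalName"]].add(r["ipAddress"])
    return seen


def flag_device_code_signins(records):
    """Rate every device-code sign-in; new-IP cases are the ones worth paging on.

    A device code is entered by the victim in a browser but the token is
    issued to whoever started the flow, so the sign-in's IP is the polling
    client's IP, not necessarily the user's. An IP absent from the user's
    baseline is the strongest signal available from the sign-in log alone.
    """
    known = baseline_ips(records)
    findings = []
    for r in device_code_signins(records):
        user = r["userPrincipalName"]
        new_ip = r["ipAddress"] not in known[user]
        findings.append({
            "time": r["createdDateTime"],
            "user": user,
            "ip": r["ipAddress"],
            "app": r.get("appDisplayName"),
            "severity": "high" if new_ip else "medium",
            "reason": ("device code sign-in from an IP never seen in this user's "
                       "interactive sign-ins" if new_ip else
                       "device code sign-in from a known IP; confirm the user started it"),
        })
    return sorted(findings, key=lambda f: f["time"])


if __name__ == "__main__":
    for f in flag_device_code_signins(SAMPLE_SIGNINS):
        print(f"{f['severity'].upper():6} {f['time']} {f['user']} {f['ip']} "
              f"-> {f['app']}: {f['reason']}")
```

In a real deployment the baseline would come from weeks of history rather than the same batch, and a medium finding still deserves a look, since a device code phish can be completed from a network the user also uses; the point of the split is to put the anomalous-IP cases at the top of the queue. Blocking the flow outright for users who never need it (Conditional Access on the device code authentication flow) removes the need for most of this triage.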

Speaker
Nir Chako
Nir Chako is a Senior Security Researcher at Pentera, specializing in securing Kubernetes, containerized environments, and cloud infrastructure. His work focuses on vulnerability research and emerging attack vectors, integrating these insights into Pentera’s automated security validation platform. Before joining Pentera, he led a security research team at CyberArk.
