Posts

Showing posts from December, 2022

How to Detect Malicious OAuth Device Code Phishing

In this brilliant blog (https://cybercreatures.blogspot.com/search/label/Phishing) by @Jay Bhatt, he introduced a method of phishing M365 accounts that threat actors can leverage by abusing device code authentication. There have been a lot of great blogs citing this technique but not much written about the detection… which is why I am here 🙂 The reason I am writing about this technique is that it’s significantly more difficult to detect than OAuth abuse for malicious application registrations. The reason for this is that the entire premise of the phish occurs within the microsoftonline.com namespace: it does not redirect the user to any third-party website, and there is no need for any 3rd party application authorization/registration. This method of phishing also bypasses MFA requirements as the attacker gains access to the user’s refresh and access token. I wanted to revisit this technique and blog about a detection for this type of attack. As usual, I’ve broken this...

What is clickjacking

Clickjacking is an attack that manipulates users into clicking buttons on web pages that are hidden or disguised as legitimate elements. This can cause the unintentional download of malware, leaking of credentials, redirection to a malicious web page, transfer of money, and so on from the victim’s device. This can cause serious damage for the user as well as the organization, as sensitive information of the user or the organization is leaked or damage is caused to the system. So let us learn how we can find this vulnerability.

How to find it
One simple way to find this is by visiting a website, going to the sign-up page, and copying its URL ("http://testphp.vulnweb.com/"). Paste the URL in the code at the iframe src element. Now save this file as .html and open it in your browser. If you can see the changes as in the pictures below, then the web application is vulnerable to clickjacking.

(Images: Original Web page, Malicious web page)

There are ma...

Automating Recon: The Tools and Techniques Used by Today’s Hackers

Introduction
Hackers are constantly looking for ways to automate their processes and increase their efficiency. One of the most common tasks they carry out is reconnaissance, or “recon”. Recon is an important part of the hacking process because it helps hackers to identify potential targets and gather information about them. By combining some of the best tools and techniques, hackers can automate their recon process, making it faster and more efficient. In this article, we’ll explore how hackers automate their recon process by combining some of the best tools and techniques.

What Is Recon?
Before we get into how hackers automate their recon process, it’s important to understand what recon is and why it’s important. Recon is the process of gathering information about a target before an attack. This information can include IP addresses, usernames, passwords, ports, services, vulnerabilities, and more. By gathering this information, hackers can identify potential targets and plan th...

What is 2FA… To Bypass

Hello everyone. Hope you are doing good. Today let us talk about 2 Factor Authentication bypass, and how it can be done. Without any delay let us dive into our maze.

What is 2FA
2FA stands for 2-factor authentication. It is used as an additional layer of security for user accounts. This simply means there will be two factors for you to authenticate into your account. One is simply your credentials, and if for some reason they are compromised, the additional layer (second authentication) can protect your account from being taken over. This can take many forms, like:

- Sending verification code to email
- Sending OTP to email or mobile number
- Third-party app-generated codes
- Verification through QR codes
- SMS verification

This provides an extra layer of security for user accounts. Even if your credentials got exposed, your account can still be safe if you have your 2FA turned on. But what if this 2FA is also vulnerable? Then your account is not safe even if you have your 2FA turned on. So this ...