Microsoft 365 AiTM Defense
AiTM phishing, what actually happens, and what breaks each step
The attack in plain English, mapped to ATT&CK, and which defensive control kills which step. Read this before …
Gmail BitM Defense
Browser-in-the-Middle attacks against Gmail, what makes them different from AiTM
BitM streams a real attacker-controlled browser to the victim instead of cloning HTML. FIDO2 does not help. The …
Microsoft 365 Device Code Defense
Device code phishing against Microsoft 365, how the attack inverts a legitimate OAuth flow
The victim authenticates to the real Microsoft sign-in page. MFA is satisfied normally. FIDO2 does not stop it. The …