Microsoft 365 AiTM Defense
AiTM phishing, what actually happens, and what breaks each step
The attack in plain English, mapped to ATT&CK, and which defensive control kills which step. Read this before …
LinkedIn AiTM Defense
LinkedIn AiTM phishing, what actually happens, step by step
The attack in plain English. What gets captured, when reCAPTCHA matters, why li_at is the prize, and which …
Microsoft 365 OAuth Consent Defense
OAuth consent phishing against Microsoft 365, what happens when no password is stolen
The attacker registers an app in their own tenant, tricks a user into clicking Accept, and gets Microsoft-signed …
Gmail BitM Defense
Browser-in-the-Middle attacks against Gmail, what makes them different from AiTM
BitM streams a real attacker-controlled browser to the victim instead of cloning HTML. FIDO2 does not help. The …
Microsoft 365 Device Code Defense
Device code phishing against Microsoft 365, how the attack inverts a legitimate OAuth flow
The victim authenticates to the real Microsoft sign-in page. MFA satisfies normally. FIDO2 does not stop it. The …