Practical OAuth Abuse for Offensive Operations – Part 1

Background OAuth is an open authorization standard that facilitates unrelated servers and services working together, allowing access to their assets without sharing the initial, related, single logon credential. I have been thinking of it as a kind of Kerberos for external services, without a shared domain or forest. A familiar instance would be authentication to … Continue reading Practical OAuth Abuse for Offensive Operations – Part 1