Blog

365-Stealer is phishing tool written in python3 which abuses App registrations to perform illicit consent grant attack.

I have been currently working on Azure and Office365 to explore and learn various techniques to abuse its features. In this blog we will see how Azure app registration feature can be leveraged to phish users in the same tenant and steal their access token which will allow us to do malicious activity. Before introducing my tool, I would like to thank 0x09AL for writing office365-attack-toolkit . Office365 Attack Toolkit was originally written in Golang when I first started us

Hello All, In this post I will provide you an overview about the new tool that I wrote to encrypt the shellcode using XOR & AES...