Permissions: How many is too many? скачать в хорошем качестве

Permissions: How many is too many?

In this week's episode of SecOps Weekly Principal Threat Researcher Matt Graeber discusses OAuth consent grant attacks, a tactic used by adversaries to create malicious applications that mimic legitimate services like ChatGPT to trick users into granting excessive permissions. The discussion covers how these attacks work, the importance of app governance in managing the explosion of generative AI applications, and detection strategies using Entra ID audit logs. Key topics include distinguishing between legitimate and malicious applications, the risks of uncontrolled app consent, and recent attack evolution where adversaries abuse legitimate first-party applications with localhost redirect URIs. The conversation emphasizes the need for proper optics, detection capabilities, and automated remediation to combat these social engineering-driven threats that exploit OAuth consent mechanisms. #oauth #cyberattack #cyberattackawareness #cyberattackprevention #cybersecurity #securityoperations #securityoperationscenter #secops Chapters: 00:00 - 01:04 - Introduction 01:05 - 01:26 - Welcome to Red Canary SecOps Weekly! 01:27 - 04:21 - Who invited them? Preventing OAuth consent grant attacks 04:22 - 06:32 - Why are we talking about this? 06:33 - 09:31 - App consent threats/risks 09:32 - 27:21 - Case study: ChatGPT: Is this ChatGPT app legit? 27:22 - 29:41 - How to respond to app consent threats 29:42 - 34:19 - How are adversaries evolving? Follow us:   / redcanary     / redcanary   --- Red Canary stops cyber threats no one else does, so organizations can fearlessly pursue their missions. We do it by delivering managed detection and response (MDR) across enterprise endpoints, cloud workloads, network, identities, and SaaS apps. As a security ally, we define MDR in our own terms with unlimited 24×7 support, deep threat expertise, hands-on remediation, and by doing what’s right for customers and partners. Subscribe to our YouTube channel for frequently updated, how-to content about Atomic Red Team, threat hunting in security operations, MDR or Managed Detection and Response, and using the MITRE ATT&CK® framework.