Tradecraft Tuesday | We Need to Talk About Device Code Phishing
On Valentine’s Day 2025, a Russian threat actor, Storm-2372, used OAuth device code flow to hijack Microsoft Entra device registration to obtain the Primary Refresh Token (PRT) and persistence—and it hit nearly every Microsoft customer. Then, in March 2026, the EvilTokens campaign used device code phishing and Railway to automate large-scale attacks. OAuth device-code phishing has skyrocketed, and threat actors are only finding new ways to do it. Let’s find out what’s really going on. On this month’s Tradecraft Tuesday, we'll look at device-code phishing variations across different apps and stacks, how threat actors are bypassing code expiration times and delivery mechanisms, and where we see this threat evolving in the future.

