This article emphasizes the importance of auditing OAuth apps in Microsoft 365 tenants to detect malicious applications. Huntress Labs provides tools and strategies to identify rogue and stealthware applications that pose security risks. #AzureApplications #OAuthIllicitConsentGrantAttacks
Key points
- Organizations managing Microsoft 365 tenants should audit their OAuth apps regularly to identify malicious entities.
- Azure applications include Enterprise Applications and Application Registrations, which can be exploited by attackers.
- Huntress Labs developed Cazadora, an open-source script, to help detect suspicious apps in Azure environments.
- Approximately 10% of tenants surveyed contain at least one rogue app, including Traitorware and Stealthware types.
- Monitoring app behaviors and permissions can aid in early detection of malicious or compromised applications.