Thanks to everyone who joined my DEFCON33 talk!๐
For those of you who missed it and are interested in seeing how we can extract cleartext credentials and bypass MFA directly from the official Microsoft login page, I just uploaded the recording to YouTube:
https://t.co/MoPQiKgesd
Last year, I committed to uncovering critical vulnerabilities in Maven repositories. Now itโs time to share the findings: RCE in Sonatype Nexus, Cache Poisoning in JFrog Artifactory, and more! Read it all below ๐งต
Fellow Hackers!
Next Sat I will host the first Intigriti Open Port Event Germany in Heidelberg with amazing #kaeferjaeger!
The last spots are left to grab! ๐ฑ Tell us in the comments why you should get one ๐๏ธ I will DM the winners ๐
This is an in-person event only, not remote
@EricaZelic@DrAzureAD@_xpn_@rootsecdev@XPN@FuzzySec I have already checked this and had no success with it. there were a couple of file writes in %LOCALAPPDATA%\Packages\https://t.co/UIX6KTyaXu.Plugin_xxx\ but unfortunately I could not decrypt the files with DPAPI
does anyone know where office apps on a win11 (non joined device) store their refresh token? I find access tokens in process memory and in the file system, but no refresh token anywhere๐ค
@EricaZelic@DrAzureAD@_xpn_@rootsecdev@XPN@FuzzySec there are only acces token in "%LOCALAPPDATA%\Microsoft\TokenBroker\" and "%LOCALAPPDATA%\Microsoft\IdentityCache\" but no refresh token.
it would make kind of sense if the RT is "managed" by MSAL but that means it can't be requested on a normal way