Detects OAuth token theft via login log analysis for impossible travel, new devices, abnormal IP replays, and unusual scope requests using Microsoft Graph and Okta APIs.
npx claudepluginhub killvxk/cybersecurity-skills-zh
This skill uses the workspace's default tool permissions.
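Analyzes OAuth sign-in telemetry to identify indicators of token theft, including impossible travel, device fingerprint changes, and token replay attacks.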
Detects OAuth token theft, replay attacks, PRT abuse, and pass-the-cookie in Microsoft Entra ID (Azure AD) via conditional access, sign-in anomalies, and log analysis.
Detects and responds to OAuth token theft and replay attacks in Microsoft Entra ID (Azure AD) environments using conditional access policies and sign-in anomaly detection. For investigating cloud identity attacks like PRT abuse and pass-the-cookie.
Tests OAuth 2.0/OIDC implementations for authorization code interception, PKCE bypass, open redirect chains, token leakage, state CSRF, token substitution, JWT confusion, implicit flow theft, and misconfigurations in bug bounty targets.