Engage Goals: EGO0003 Elicit
Engage Approach: EAP0001 Collect
Engage Actions: EAC0015 Information Manipulation, EAC0018 Security Controls
Name of Element: Deceptive OAuth 2.0 Consent Screen
Description of Element:
Build a decoy OAuth 2.0 application whose consent screen mimics a legitimate Google service but requests excessive or unusual permissions, as a consent-phishing application would. Log every interaction with the screen (visits, grants, declines and the exact scopes granted) to identify attackers attempting to use it to trick users into granting unauthorized access.
Technical Context:
Placement: Integrated into a decoy web application or a controlled phishing campaign.
Requires knowledge of OAuth 2.0 flows and Google’s consent screen implementation.
Develop a web application that integrates with Google Identity Platform. Configure the OAuth 2.0 consent screen to request sensitive scopes (e.g., “[invalid URL removed]”, “[invalid URL removed]”) and use social engineering in the application’s name, branding and description to entice users to grant consent. Implement logging that captures every interaction with the screen: who was shown it, whether consent was granted or declined, and exactly which scopes were granted. Two caveats: Google requires app verification for applications that request sensitive or restricted scopes and shows an “unverified app” warning until verification completes, which limits how convincing the decoy can be; and the decoy must never exchange authorization codes or use any token it receives, and any grant from a genuine user should be revoked immediately and recorded as an incident.
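Logging and triage for the decoy application, as an added example that is not part of the original page or of any MITRE Engage material: it builds the authorization request with the excessive scopes, verifies and logs each redirect coming back from Google's consent screen, and buckets the events for an analyst. It uses only the standard library so it runs offline. The client ID, redirect URI, HMAC key and visitor IDs are placeholders; the Gmail and Drive scope URLs are assumed examples standing in for the scopes elided above; the three callback URLs at the end are constructed samples, not captured traffic.

```python
"""Decoy OAuth 2.0 client for a consent-screen honeytrap (added example)."""
import hashlib
import hmac
import secrets
import time
from typing import Dict, List, Optional
from urllib.parse import parse_qs, urlencode, urlparse

AUTH_ENDPOINT = "https://accounts.google.com/o/oauth2/v2/auth"  # real Google endpoint
CLIENT_ID = "123456789012-decoy.apps.googleusercontent.com"       # placeholder (assumed)
REDIRECT_URI = "https://decoy.example.com/oauth2/callback"        # placeholder (assumed)

# Identity scopes give a plausible sign-in flow; the Gmail and Drive scopes are
# the "excessive" ones a consent-phishing app asks for (assumed examples).
BASELINE_SCOPES = ["openid", "email"]
EXCESSIVE_SCOPES = ["https://www.googleapis.com/auth/gmail.readonly",
                    "https://www.googleapis.com/auth/drive"]
REQUESTED_SCOPES = BASELINE_SCOPES + EXCESSIVE_SCOPES

# Server-side key binding each consent link to the visitor it was issued to
# (assumed placeholder; generate a random secret in a real deployment).
STATE_KEY = b"replace-me-with-a-random-32-byte-key"


def _tag(nonce: str, visitor_id: str) -> str:
    return hmac.new(STATE_KEY, f"{nonce}.{visitor_id}".encode(), hashlib.sha256).hexdigest()[:32]


def make_state(visitor_id: str, nonce: Optional[str] = None) -> str:
    """Opaque state value nonce.visitor_id.hmac so a callback maps back to a lure."""
    nonce = nonce or secrets.token_hex(8)
    return f"{nonce}.{visitor_id}.{_tag(nonce, visitor_id)}"


def parse_state(state: str) -> Optional[str]:
    """Return the visitor_id if the state was issued by us, else None."""
    parts = state.split(".")
    if len(parts) != 3:
        return None
    nonce, visitor_id, tag = parts
    return visitor_id if hmac.compare_digest(tag, _tag(nonce, visitor_id)) else None


def build_consent_url(visitor_id: str) -> str:
    """Authorization-code request; prompt=consent forces the screen on every visit."""
    params = {"client_id": CLIENT_ID, "redirect_uri": REDIRECT_URI,
              "response_type": "code", "scope": " ".join(REQUESTED_SCOPES),
              "access_type": "offline", "prompt": "consent",
              "state": make_state(visitor_id)}
    return f"{AUTH_ENDPOINT}?{urlencode(params)}"


def record_callback(callback_url: str, remote_addr: str, user_agent: str,
                    now: Optional[float] = None) -> dict:
    """Turn the redirect from the consent screen into a log event.

    Google returns `code` plus the space-separated `scope` actually granted on
    success, or `error=access_denied` if the user declined.  The code is only
    fingerprinted: a decoy must never exchange it or use the resulting token.
    """
    q = {k: v[0] for k, v in parse_qs(urlparse(callback_url).query).items()}
    granted = set(q.get("scope", "").split())
    visitor_id = parse_state(q.get("state", ""))
    return {
        "ts": now if now is not None else time.time(),
        "remote_addr": remote_addr, "user_agent": user_agent,
        "visitor_id": visitor_id, "state_valid": visitor_id is not None,
        "granted": "code" in q, "error": q.get("error"),
        "granted_scopes": sorted(granted),
        "excessive_scopes": sorted(granted & set(EXCESSIVE_SCOPES)),
        "code_fingerprint": hashlib.sha256(q["code"].encode()).hexdigest()[:16] if "code" in q else None,
    }


def classify(event: dict) -> str:
    """Severity label for one callback event."""
    if not event["state_valid"]:
        return "forged_or_replayed_state"   # not tied to any lure we issued: probing/replay
    if event["granted"] and event["excessive_scopes"]:
        return "high_privilege_consent"     # someone granted the excessive scopes
    if event["granted"]:
        return "baseline_consent"           # only identity scopes granted
    return "declined"


def triage(events: List[dict]) -> Dict[str, List[dict]]:
    """Group events by classification for the analyst queue."""
    buckets: Dict[str, List[dict]] = {}
    for e in events:
        buckets.setdefault(classify(e), []).append(e)
    return buckets


# Constructed sample callbacks (not real traffic) for a stand-alone run.
SAMPLE_STATE = make_state("visitor-42", nonce="0123456789abcdef")
SAMPLE_CALLBACKS = [
    (REDIRECT_URI + "?" + urlencode({"code": "4/0AdummyAuthorizationCode",
     "scope": " ".join(REQUESTED_SCOPES), "state": SAMPLE_STATE}), "203.0.113.5", "Mozilla/5.0"),
    (REDIRECT_URI + "?" + urlencode({"error": "access_denied", "state": SAMPLE_STATE}),
     "203.0.113.5", "Mozilla/5.0"),
    (REDIRECT_URI + "?" + urlencode({"code": "4/0Aforged", "scope": "openid", "state": "x.y.z"}),
     "198.51.100.9", "curl/8.0"),
]


def run_demo(now: float = 0.0) -> Dict[str, List[dict]]:
    """Log and triage the constructed samples; returns the analyst buckets."""
    return triage([record_callback(u, a, ua, now=now) for u, a, ua in SAMPLE_CALLBACKS])


if __name__ == "__main__":
    print(build_consent_url("visitor-1"))
    for label, evs in run_demo().items():
        print(label, [(e["remote_addr"], e["excessive_scopes"]) for e in evs])
```

The HMAC-bound state is what separates a callback that came from a lure you issued (and from which visitor) from one that an attacker replayed or forged while probing the endpoint; callbacks in the forged bucket are worth the same attention as a high-privilege grant. Wire `record_callback` into whatever request handler serves REDIRECT_URI, and never add a token exchange to it.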
Other:
ATT&CK/Engage Mapping: T1566 Phishing, E1501 Honeytrap