webinar

GitHub Device Code Phishing:
From Research to Real-World Exploitation

This session reveals how attackers exploit GitHub’s OAuth2 device flow to bypass MFA and compromise environments with just a code and a call. Learn how it works and how to detect and defend against it.

Webinar Details

While security teams have focused on defending against Azure device code phishing, a new attack vector has emerged that’s flying under the radar. GitHub’s OAuth2 device flow represents an unexplored opportunity that our Red Team has weaponized with incredible effectiveness, achieving over 90% success rates using nothing more than an eight-digit code and a phone call. In recent Fortune 500 engagements, we’ve used this technique to compromise entire development environments, exfiltrate critical intellectual property, and maintain persistent access through OAuth tokens.

During this 30-minute session, our experts will demonstrate the complete attack chain and reveal how attackers can leverage pre-existing and custom OAuth applications to perfectly mimic legitimate corporate tools. Unlike traditional phishing, this technique exploits legitimate authentication flows and bypasses multi-factor authentication entirely. You’ll learn what signs to look for in your audit logs and how to protect your organization before you become the next victim.

Prevention first strategy under one unified platform.

Leverage continuous offensive security to ensure your next hour—and next dollar—are spent on breachable risk.