dugganusa pduggusa
pduggusa
/ device-code-vishing-huntress-scope.kql
Created
May 5, 2026 19:23
Device-Code Vishing Detection β Huntress Scope Β· DugganUSA LLC Β· 2026-05-05
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ | |
| // Device-Code Vishing Detection β Huntress Scope | |
| // DugganUSA LLC Β· Patrick Duggan Β· 2026-05-05 | |
| // | |
| // This is the attack chain Microsoft published on May 3, 2026 β the same | |
| // vish-chain we'd warned Medtronic about on March 16. Attacker calls victim, | |
| // walks them through microsoft.com/devicelogin, victim enters the attacker's | |
| // code, attacker walks out with a refresh token for the victim's tenant. | |
| // | |
| // Three queries: |