Device Code, OAuth, PhaaS: How Session Token Theft is Breaking the Phishing Playbook

Device Code, OAuth, PhaaS: How Session Token Theft is Breaking the Phishing Playbook

From ShadowTalk: Powered by ReliaQuest by ReliaQuest

May 27, 2026 · 29 min

About this episode

The episode discusses how session token theft is undermining traditional phishing defenses.

Your user clicked a link, landed on a real Microsoft login page, typed their password, completed MFA, and walked away thinking nothing happened. Somewhere across the internet, an attacker's device just received an authenticated session token. The password is irrelevant. The MFA prompt already fired and passed. With PhaaS platforms now converging on token-theft tradecraft and post-compromise automation executing in seconds, defenders are racing a scripted attacker with a manual playbook. Join ...

Topics covered

  • session token theft
  • phishing
  • cybersecurity
  • MFA
  • PhaaS
  • token-theft tradecraft

Keywords

  • session token
  • phishing
  • MFA
  • PhaaS
  • cybersecurity
  • token theft
  • authentication

Mentioned in this episode

Organizations: Microsoft, PhaaS

Products: MFA

More episodes of ShadowTalk: Powered by ReliaQuest

Explore listener stats, chart rankings, contacts and more on the ShadowTalk: Powered by ReliaQuest podcast page.