# Device Code Phishing

## Device Code Phishing

Dynamic device code phishing is an advanced form of phishing in which attackers exploit the device authorization flow, typically used for IoT and other smart devices. By manipulating this flow, attackers trick users into granting them access tokens under the guise of legitimate requests. The method exploits users' unfamiliarity with the authorization process on such devices, which makes it a potent threat.
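On the defensive side, use of this flow is visible in sign-in logs. The following added example (not from the original page or from any of the tools listed here) flags successful device-code sign-ins by user/app pairs that never used the flow during a baseline period. It assumes logs exported as JSON lines in the Microsoft Graph `signIn` shape; the function name, cutoff and sample records are constructed.

```python
import json
from datetime import datetime

# Constructed sample records (all values invented), assumed to follow the
# Microsoft Graph signIn shape, where authenticationProtocol is "deviceCode"
# for the device authorization flow and status.errorCode 0 means success.
SAMPLE_LOG = """\
{"createdDateTime":"2024-05-01T08:00:00Z","userPrincipalName":"kiosk@contoso.example","appDisplayName":"Microsoft Azure CLI","ipAddress":"198.51.100.7","authenticationProtocol":"deviceCode","status":{"errorCode":0}}
{"createdDateTime":"2024-05-10T09:00:00Z","userPrincipalName":"alice@contoso.example","appDisplayName":"Office 365 Exchange Online","ipAddress":"198.51.100.20","authenticationProtocol":"none","status":{"errorCode":0}}
{"createdDateTime":"2024-05-10T09:05:00Z","userPrincipalName":"kiosk@contoso.example","appDisplayName":"Microsoft Azure CLI","ipAddress":"198.51.100.7","authenticationProtocol":"deviceCode","status":{"errorCode":0}}
{"createdDateTime":"2024-05-10T09:30:00Z","userPrincipalName":"alice@contoso.example","appDisplayName":"Microsoft Office","ipAddress":"203.0.113.50","authenticationProtocol":"deviceCode","status":{"errorCode":0}}
{"createdDateTime":"2024-05-10T09:40:00Z","userPrincipalName":"bob@contoso.example","appDisplayName":"Microsoft Office","ipAddress":"203.0.113.50","authenticationProtocol":"deviceCode","status":{"errorCode":50126}}
"""

def parse_time(value):
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ")

def new_device_code_signins(jsonl, baseline_end):
    """Return successful device-code sign-ins after baseline_end whose
    (user, app) pair never used the flow during the baseline period."""
    events = [json.loads(line) for line in jsonl.splitlines() if line.strip()]
    events = [e for e in events
              if e.get("authenticationProtocol") == "deviceCode"
              and e.get("status", {}).get("errorCode") == 0]
    events.sort(key=lambda e: parse_time(e["createdDateTime"]))
    cutoff = parse_time(baseline_end)
    seen, findings = set(), []
    for e in events:
        pair = (e["userPrincipalName"].lower(), e["appDisplayName"])
        if parse_time(e["createdDateTime"]) <= cutoff:
            seen.add(pair)          # expected use, learned from the baseline
        elif pair not in seen:
            findings.append({"time": e["createdDateTime"],
                             "user": e["userPrincipalName"],
                             "app": e["appDisplayName"],
                             "ip": e["ipAddress"]})
    return findings

if __name__ == "__main__":
    for finding in new_device_code_signins(SAMPLE_LOG, "2024-05-07T00:00:00Z"):
        print("review:", finding)
```

Where no user or device legitimately needs the device code flow, a Conditional Access policy using the authentication flows condition can block it outright, which leaves this check as a monitor for exceptions.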


### TokenTactics

Using TokenTactics for device code phishing.

```powershell
Import-Module .\TokenTactics.psd1
Get-AzureToken -Client MSGraph
```

> Once the user has logged in, you'll be presented with the JWT and it will be saved in the $response variable. To access the access token use `$response.access_token` from your PowerShell window to display the token. You may also display the refresh token with `$response.refresh_token`. Hint: You'll want the refresh token to keep refreshing to new access tokens! By default, Get-AzureToken results are logged to TokenLog.log.

{% embed url="<https://github.com/rvrsh3ll/TokenTactics>" %}

### GraphRunner

```powershell
Import-Module .\GraphRunner.ps1
Get-GraphTokens
```

{% embed url="<https://github.com/dafthack/GraphRunner>" %}

### GraphSpy

```powershell
# Run GraphSpy on http://192.168.0.10
graphspy -i 192.168.0.10 -p 80
```

{% embed url="<https://github.com/RedByte1337/GraphSpy>" %}

## Dynamic Device Code Phishing

For more detail on dynamic device code phishing, see the article by Black Hills Information Security. Their research covers the mechanisms of these phishing attacks and the mitigation strategies for them.

{% embed url="<https://www.blackhillsinfosec.com/dynamic-device-code-phishing/>" %}

