Skip to content
Syne's Cyber Corner

A Very Cool and Serious Website

  • Home
  • About
  • Home
  • About

Common Oauth Apps Used in Business Email Compromise

Posted by By syne0 August 29, 2024
This article serves as another place to document some common (and not so common) Oauth applications that are abused for malicious purposes during a BEC. Some are well documented, while…
Read More

Malicious Usage of eM Client In Business Email Compromise

Posted by By syne0 January 31, 2024
If you've found your way to this article, it's likely because you have found a suspicious application content for eM Client. This is an application that is similar in it's…
Read More

Syne’s Declassified O365 Email Compromise Investigation Guide

Posted by By syne0 September 3, 2023
AKA newb's guide to investigating an email compromise. (Yes, I did spend 3x the amount of time making that image then I did writing the article, what about it??) Disclaimer…
Read More

Malicious Azure Application PERFECTDATA SOFTWARE and Microsoft 365 Business Email Compromise

Posted by By syne0 July 10, 2023
Edit 04/13/25: The newest version of the software behind this application has changed. Now, the application's name within a tenant will be Mail_Backup. The app id is now 2ef68ccc-8a4d-42ff-ae88-2d7bb89ad139. Most…
Read More

Recent Posts

  • PERFECTDATA SOFTWARE Rebrands to Mail_Backup
  • Osprey – An Alternative to the Hawk PowerShell Module for Email Compromise Investigations
  • Common Oauth Apps Used in Business Email Compromise
  • Redditor Gets Malware From Vibrator (& Why I think It’s a Hoax)
  • Malicious Usage of eM Client In Business Email Compromise

Supporters

Interested in having your name and your blog/project/social here? Join the membership on Ko-Fi.

Categories

  • Azure AD
  • Conferences
  • Featured
  • Forensics
  • Incident Response
  • Malware
  • Office 365
  • Shodan
Copyright 2025 — Syne's Cyber Corner. All rights reserved. Bloglo WordPress Theme
Scroll to Top