detecting-oauth-token-theft
CommunityDetect OAuth token theft and replay attacks.
Software Engineering#oauth#incident-response#cloud-security#azure-ad#sign-in-logs#token-theft#token-replay
AuthorYukiIto1999
Version1.0.0
Installs0
System Documentation
What problem does it solve?
OAuth token theft and replay attacks in cloud environments undermine access security by exposing session tokens and enabling unauthorized access. This skill helps security teams identify anomalous sign-ins, bound-device failures, and token misuse patterns across cloud identities.
Core Features & Use Cases
- Detects impossible travel, token replay, and new-device sign-ins from sign-in logs.
- Monitors OAuth scope requests for potentially dangerous permission grants and unusual consent patterns.
- Supports Entra ID / Azure AD environments, sign-in log analytics, and incident-response playbooks.
Quick Start
Run the detection agent against your sign-in logs to generate a security alert report.
Dependency Matrix
Required Modules
requests
Components
scriptsreferences
💻 Claude Code Installation
Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.
Please help me install this Skill: Name: detecting-oauth-token-theft Download link: https://github.com/YukiIto1999/ctf-sleuth/archive/main.zip#detecting-oauth-token-theft Please download this .zip file, extract it, and install it in the .claude/skills/ directory.
Agent Skills Search Helper
Install a tiny helper to your Agent, search and equip skill from 471,000+ vetted skills library on demand.