IT & Identity Admins

The people holding the keys are the ones worth the most to compromise.

Most Exposed

IT Admins, identity and access teams

The Attack

Role-grant abuse, malicious OAuth consent, privilege escalation


The attacks we stop:

  • A convincing message from "a manager" asks an admin to add a contractor to a privileged group for a project starting Monday

  • A staff member is tricked into approving an OAuth consent screen for a malicious app, quietly granting it standing access to company email and files

  • An attacker posing as an employee who's lost their laptop asks the service desk to reset their access and remove the device protection on their account

How we protect you:

  • We review who can grant a role, approve an application or reset protection for someone else, and how an attacker could chain those permissions together into something far larger

  • We run controlled exercises around the requests your admins actually receive, so a convincing approach is something they have seen before rather than for the first time when it matters

  • We focus protection on the moment those keys change hands, so that granting access, approving an app or resetting protection can't happen on a believable request alone, but is checked through something the attacker doesn't control

