πŸ›‘οΈ InfoSec Blue Team Briefing

Wednesday, July 08, 2026

🎧 Audio Briefing

Download MP3

Cyber security developments for Wednesday the 8th of July 2026 covering articles added to the BlueTeamSec community on infosec.pub. Today we have 2 articles to cover. All attribution is by the article authors. All article analysis is automated.

Rasta Mouse has written up a modular API hooking technique called hook chains that lets you register multiple hook functions in sequence for a single API call. The approach splits complex tradecraft operations like stack spoofing and payload masking into discrete functions rather than one monolithic hook, which is particularly useful if you're building frameworks that need to compose evasion techniques cleanly.

Casey Smith has released EasyTokens, an adversary emulation tool that replicates the device-code phishing technique we've seen in campaigns like the ARToken operation covered earlier this week. It targets Microsoft 365 by exploiting the OAuth device authorisation flow to capture access and refresh tokens when victims authenticate at the legitimate Microsoft device login portal. One for red teams or anyone testing defences against OAuth-based phishing.

That concludes today's briefing.

πŸ“° Articles Covered