Marketing user clicked Allow on 'Mail Reader Pro' OAuth consent — Mail.ReadWrite + Files.Read.All granted; 47 emails read in 30 min
A medium Cybersecurity scenario on Malicious OAuth Consent.
Start a graded attempt against this scenario. Your response is scored by the same deterministic rubric used across the catalog. Email and evidence content stay hidden until you start.
Launches this exact scenario. One of 5 templates in this Track + Difficulty pool.
catalog id · oauth-app-consent-mail-reader
What this scenario practices, mapped to recognized frameworks.
Educational mapping only. Not a compliance attestation.
- Cloud OAuth consent triage
- Mailbox-read persistence containment
- Account Manipulation · PersistenceT1098 · TA0003MappedHigh confidence
Trains triage of consent-grant persistence on a cloud account.
- User Account PermissionsD3-UAPMappedHigh confidence
Trains permission-scoping review on third-party app consent.
- User Account ContainmentD3-UACMappedMedium confidence
Trains account containment when consent is suspected to be malicious.
- Access Control · ProtectPR.AC · PRMappedHigh confidence
Trains access-control posture on cloud OAuth app delegations.
- IR lifecycle phaseDetection & AnalysisMappedHigh confidence
Trains scoping of consented apps and mailbox-read sessions.
- IR lifecycle phaseContainment, Eradication & RecoveryMappedHigh confidence
Trains consent-revocation and audit workflow.
- Phishing-Resistant MFA2.EMappedMedium confidence
Trains the MFA-resilience baseline against consent attacks.
- Revoking Credentials for Departing Employees2.DPartialLow confidence
Trains the broader credential-revocation discipline this scenario stresses.
- Access Control ManagementControl 6MappedHigh confidence
Trains the access-control review the scenario centers on.
- Account ManagementControl 5MappedHigh confidence
Trains the account-lifecycle response on consent-driven access.