Mark Orlando

In this conversation, Mark Orlando, Push Security's Field CTO and an expert in detection and response, shares insights on evolving browser-based attacks. He introduces ConsentFix, a unique attack that hijacks OAuth consent grants, and explains its sophisticated workings, including evasion of detection mechanisms. The discussion highlights browsers as blind spots, revealing the limitations of existing security models and the crucial need for modern taxonomies in combating phishing and in-browser threats. Orlando's research-driven approach aims to enhance community awareness and defenses.