Kali365 PhaaS Kit: OAuth Device-Code Phishing Enables MFA-Satisfied Token Theft
End-to-end reverse engineering of the Kali365 (K365) Microsoft 365 Phishing-as-a-Service operator client, purchased web panel, and payment infrastructure — revealing OAuth device-code phishing (RFC 8628) that satisfies MFA legitimately to steal long-lived refresh tokens.
Ransom-ISAC Research Team
July 3, 2026
+6 contributors