AWS SSO device-code phishing

TL;DR: IAM Identity Center device-flow phish yields long-lived SSO access tokens that survive disabling the targeted user.

Stub — to be filled in.

What it is

TODO

Preconditions / where it applies

TODO

Technique

TODO

Detection and defence

TODO

References

https://blog.christophetd.fr/phishing-for-aws-credentials-via-aws-sso-device-code-authentication/