jsa2
commented
3 years ago Hi, as far as I've seen, unless a existing webhook for teams message in channel is leaked outside of the teams, the attacker has to go through phishing consent for their app Teams Resource Specific Consent
I have been wondering how concerned we need to be about rogue apps in Teams, have you given this any thought? Should we add something to this project to investigate this risk?