The powershell code below is something everyone with an Azure AD Tenant should be running in their environment to spot check Granted OATH permissions. Attackers are utilizing malicious OATH grants for persistence. Want to learn more? See >> https://t.co/6EcoyguimQ https://t.co/zW42DYpjAS
— Root (@rootsecdev) July 13, 2020