Host Caleb Tolin sits down with Selena Larson, Staff Threat Researcher and Lead, Intelligence Analysis and Strategy at Proofpoint and Host of the DISCARDED podcast, to discuss the mechanics of device code phishing and the widespread abuse of Microsoft OAuth authentication flows. The conversation explores the historical evolution of credential fishing from early red team testing to modern phishing as a service kits distributed across cyber criminal forums. Selena breaks down how financially motivated adversaries execute account takeovers and navigate enterprise infrastructure once initial access is achieved.