SquarePhish 2.0 - Nevada Romsdahl & Kam Talebzadeh
Disobey 2026 · Main Stage
In this Disobey conference talk, CrowdStrike security researchers Nevada Romsdahl and Kam Talebzadeh unveiled SquarePhish 2.0, an advanced open-source tool designed to streamline and enhance device code phishing attacks. The presentation traced the evolution of phishing techniques, highlighting how traditional credential harvesting and payload delivery have become less effective against modern defenses like Multi-Factor Authentication (MFA) and Endpoint Detection and Response (EDR). SquarePhish 2.0 specifically targets the **OAuth 2.0 device code authentication flow**, a legitimate mechanism used for logging into devices like smart TVs or gaming consoles, with the goal of obtaining post-authentication tokens.
AI review
Solid red team research that moves the device code phishing conversation forward in concrete, measurable ways — PRT acquisition via the Auth Broker client ID is the real payload here, not just the QR code timing trick. The work is original, tooled, demoed live, and already observed in the wild (Storm-2372), which closes the loop from research to reality. Not a 5 because the core OAuth device code abuse isn't new, and the defensive section is competent but thin.