Push

@PushSecurity

Followers: 596
Following: 102
Media: 168
Statuses: 300

A browser-based agent that detects and prevents identity breaches.

Joined November 2019
@PushSecurity
Push
2 years
💡 Introducing a SaaS attack matrix of networkless SaaS attack techniques - These attacks bypass EDR and network detection 💬 #Pentesters #Redteams We’d love some comments or contributions for things you've tried on GitHub! Links in 🧵 #security #infosec #SaaSsecurity
2
5
17
@PushSecurity
Push
14 days
Attacks have moved away from endpoints and internal networks to the browser — a blind spot for traditional security tools. Read more below 👇 https://t.co/d5VjaaSxb1
pushsecurity.com
How attacks have moved away from endpoints and internal networks to the browser — a blind spot for traditional security tools.
0
1
2
@PushSecurity
Push
5 months
🚀 We’re thrilled to announce our $30M Series B led by @Redpoint, supercharging our mission to stop identity attacks 🚀 Check out the press release here: https://t.co/TfPwOsvxpk
2
4
15
@PushSecurity
Push
7 months
Have you signed up to see @jukelennings use OpenAI Operator to automate identity attacks? Watch the clip below to see how it responds when tasked with logging into apps using stolen credentials. Want to see more? Register for the webinar here 👇 https://t.co/0NEBn6EHzi
0
2
3
@PushSecurity
Push
9 months
We're ready for @BlackHatEvents Europe this week! Stop by booth 436 to chat with @ajaybateman, @jukelennings and the team about the rise in identity attacks – and how Push's browser-based ITDR solution gives defenders the advantage they need. We’ve got brand new swag too!
0
0
3
@jukelennings
Luke Jennings
10 months
1/ A new class of phishing - how verification phishing and cross-idp impersonation can bypass your SSO. Here is a video demo, but this is one where you really need to read the full article too - https://t.co/R6xZaawwpr I'll summarize the key points in this thread.
5
19
54
@PushSecurity
Push
1 year
Are you at GrrCON? Join us tonight for an epic evening of delicious food, refreshing drinks, and fantastic networking. Spots are going quickly! Register now:
luma.com
Get ready for an epic evening with Panther Labs, Sublime Security, Push Security, and Soteria at this year's GrrCON. Join us at Max's Tiki on Thursday, Sept 26…
0
1
1
@PushSecurity
Push
1 year
Ready to meet the REAL cookie monster? Join us on September 12th where @jukelennings will be compromising MFA-protected services by stealing session cookies and hijacking live sessions. Don’t miss out – register here: https://t.co/xydJIwSPX4
0
1
3
@PushSecurity
Push
1 year
Don't miss out on our upcoming webinar where @jukelennings will be demoing infostealers, showing how to steal cookies and hijack sessions for MFA-protected services like M365 and downstream SaaS apps. Details below 👇 Pick a time and register here: https://t.co/xydJIwTnMC
0
0
2
@jukelennings
Luke Jennings
1 year
Some of my research on SaaS attacks, including ghost logins and other persistence vectors, made it on to @DarknetDiaries Achievement unlocked.
1
3
7
@jukelennings
Luke Jennings
1 year
I wrote a blog post on the many defense mechanisms phishing kits are using to avoid discovery and analysis now. I used a recent instance of NakedPages and cover 9 different techniques, including Cloudflare Workers and Turnstile abuse. IOCs included. https://t.co/759Yd0vxm3
pushsecurity.com
Taking a closer look at the steps that AitM phishing kits take to hide from the prying eyes of security teams and threat intelligence vendors.
0
33
76
@PushSecurity
Push
1 year
Join us for happy hour with @sublime_sec on August 8! Grab a drink, have a bite, catch up with old friends (and make some new ones) at KUMI in Mandalay Bay! RSVP: https://t.co/1agDDzz5DO
0
0
0
@jukelennings
Luke Jennings
1 year
If you missed my Snowflake webinar yesterday and you’re impacted by the recent breach, you can check out this link to the demo segment from the webinar, where I show how to disable ghost logins in Snowflake. Remember, this is not just a Snowflake problem https://t.co/yKr7N6KANu
0
2
6
@TheHackersNews
The Hacker News
1 year
Is the Snowflake breach, touted as the biggest in history, identity security’s WannaCry moment? Join Luke Jennings, VP R&D at @PushSecurity, to explore what Snowflake shows us about the complexity of the identity attack surface, and discuss the practical steps that
3
24
42
@PushSecurity
Push
1 year
The Snowflake breach will be for cloud identity attacks what WannaCry was for Ransomware. Join @jukelennings to explore the practical takeaways from the incident. Select the best time for you using the dropdown menu. https://t.co/2JnS0FfB5C
0
3
2
@jukelennings
Luke Jennings
1 year
7/ Well, when we investigated, we discovered that if you enable SAML SSO for a Snowflake account for a local account with no MFA, the local password still works unless you explicitly create an authentication policy to prevent it.
1
4
14
@jukelennings
Luke Jennings
1 year
1/ The ongoing Snowflake situation has made me realize just how dangerous ghost logins – a SaaS-based persistence technique that I coined last year – can be as an initial access vector. So what is a ghost login, exactly?
2
40
135
@PushSecurity
Push
1 year
Check out our upcoming webinar with @jukelennings where he'll be demoing the use of AitM phishing toolkits to compromise cloud identities! 😎 There are a few different time slots to choose from so you can catch this wherever you are. https://t.co/8RZq8nZOBV
0
0
0
@PushSecurity
Push
1 year
Are you heading to Identiverse next week? @jukelennings will be delivering a technical masterclass demonstrating how to own a business without touching the endpoint, by targeting SaaS apps and identities. Don't miss it!
0
0
0
@PushSecurity
Push
1 year
Check out our latest case study from Upvest! A major draw for Upvest was the power of our browser extension for identity threat detection and response, which we’re not seeing many other orgs in the ITDR space make use of. Read here: https://t.co/k7kZZUqnek
0
0
0
@PushSecurity
Push
1 year
Detecting phishing sites that constantly change can feel like trying to hit a moving target. We're taking a different approach by detecting (and blocking!) phishing in the browser by preventing creds being entered anywhere except legit login pages. https://t.co/pyPDJpCJyp
pushsecurity.com
Use the Push browser agent’s unique vantage point to protect SSO credentials by blocking employees from entering their password into any other site.
0
0
2