Jacques Louw
@jacques_sec
Followers
69
Following
43
Media
0
Statuses
31
Co-founder @pushsecurity
South Africa
Joined November 2017
If you're interested in defending against Cyberhaven-style attacks against browser extension vendors, I wrote a guide around hardening browser extension deployments you might find interesting:
pushsecurity.com
How extension developers can improve their security controls to prevent extension compromise.
0
0
1
1/ A new class of phishing - how verification phishing and cross-idp impersonation can bypass your SSO. Here is a video demo, but this is one where you really need to read the full article too - https://t.co/R6xZaawwpr I'll summarize the key points in this thread.
5
19
54
It's so cool to see the active development of evasion techniques in phishing kits - tells you a lot about the counter-evasion techniques they're running into!
Back by popular demand, I wrote a second part blog post on the many defense mechanisms phishing kits are using to avoid detection. This second part dives deep on one specific strategy - preventing detection of commonly cloned login pages e.g. Microsoft https://t.co/U2Pj2cClaU
0
0
0
I wrote a blog post on the many defense mechanisms phishing kits are using to avoid discovery and analysis now. I used a recent instance of NakedPages and cover 9 different techniques, including Cloudflare Workers and Turnstile abuse. IOCs included. https://t.co/759Yd0vxm3
pushsecurity.com
Taking a closer look at the steps that AitM phishing kits take to hide from the prying eyes of security teams and threat intelligence vendors.
0
33
76
Now you can detect and block identity attacks directly inside any web browser. 1. Stop corp password reuse and phishing 2. Detect EvilGinx/EvilNoVNC 3. Session Hijacking detection ... and more. Hear the full announcement on @riskybusiness
https://t.co/xQH9Yy2Kdj
0
8
11
Awesome post from @_xpn_
https://t.co/wlj9zo6e7x - thanks for sharing MalIDP, essential modern offensive tooling!
0
0
0
Really nice in-depth technical explanation of these new techniques.
I feel like shadow workflows are the closest equivalent of offensive PowerShell for the SaaS world. Check out the second post in my series on chaining SaaS attacks and come see me speak about this and a lot more at #44con on Thursday 14th September! https://t.co/EzsOLOQzQ2
0
0
0
Great interview with our CEO and co-founder @ajaybateman and @dspark on @CISOseries about "Securing identity in the age of self-service" "It's about creating a paved path for employees to walk..." Link in 🧵!
1
2
8
1/ I kinda accidentally owned myself with my own shadow workflow attack. I definitely think they are going to become a standard technique. I mean they are pretty much the offensive powershell of the SaaS world! So how did this happen?
1
6
10
👋 New feature alert! Classify SaaS apps in the Push platform based on the sensitivity of the data they contain or the permissions they've been granted. Use the Approval status to capture your decision about an app -- is it in or out? Link in 🧵 #SaaSsecurity #security
2
3
7
I’ve just released some research into 38 SaaS-native attack techniques across the kill chain and produced a SaaS attack matrix to go along with it. https://t.co/1bbkpI5IlC This is just the beginning but my hope is this will become an ongoing community project.
github.com
Offensive security drives defensive security. We're sharing a collection of SaaS attack techniques to help defenders understand the threats they face. #nolockdown - pushsecurity/saas-attacks
1
40
78
📣 NEW FEATURE ALERT - Uncover shared SaaS accounts Tldr - Push can now show you which app accounts are being used by multiple employees and who's using them. #shadowit #security #infosec #rogueit #RiskManagement Give it a try for free: https://t.co/LF5E4oejP4
0
2
3
Big news today - we're announcing our $15M Series A funding round, led by @GVteam. @karimfaris @jonoberheide join our board, @dugsong @richwaldron
@frfrdufour join as investors, + @DecibelVC
https://t.co/3ZFhqib2Hq
#VC
0
7
15
Some amazing praise from Jason Waits, CISO at Inductive Automation on why we won their POC. His comments on our user-centric approach made our day! 🙌
0
3
10
Managed browser extension deployments are here! You can now be up and running with Push, with all of your employees onboarded, in minutes. https://t.co/clQrqzCx30
#SaaSsecurity #cloudsecurity
0
2
5
Stop blocking. Instead, equip employees to secure their SaaS. There's a better approach to securing SaaS than simply blocking and restricting unsanctioned apps https://t.co/V3qNxxOOrV
#SaaSsecurity #CASB #infosec
0
2
10
Here's a quick guide to finding the right SaaS security solution for your company. It's basically a choose-your-own-adventure for finding a good fit for your specific use case, infrastructure, and data. https://t.co/IaIQGIPP2X
#SaaSSecurity #CloudSecurity
0
2
3
We’re excited to announce our investment in @PushSecurity, a new cybersecurity company that uses conversational AI to help users protect themselves while using SaaS applications at work. Read our Q&A with the founders to learn more:
decibel.vc
Today, we’re excited to announce our investment in Push Security, a new cybersecurity company that uses conversational AI to help users protect themselves while using SaaS applications at work. Push...
0
6
12
Huge thanks to @DecibelVC @jonoberheide @viega @iantshaw @haroonmeer @ollieatnccgroup @hg79 @devata @ptrbkr for all your support!! We couldn't have done it without you <3
1
2
7
Push Security launches to make SaaS sprawl and shadow IT safer https://t.co/7xqIyGokIv by @psawers
1
17
26