1/ The ongoing Snowflake situation has made me realize just how dangerous ghost logins – a SaaS-based persistence technique that I coined last year – can be as an initial access vector. So what is a ghost login, exactly?
Remember our Fake Cisco research? labs.withsecure.com/content/dam/la…
Counterfeit Cisco gear ended up in US military bases, used in combat operations trib.al/r7RSYBb
Oktajacking: A new attack using Okta's AD synchronization to do credential capture for you. Link to @jukelennings full post in 🧵 👊 Thanks to @_xpn_ @TrustedSec for the inspiration! #redteam #redteaming #pentest #pentesting #identitysecurity #SSO #okta #infosec
When the guy who fundamentally changed the way the world red-teams/pentests has something to say it's definitely worth a listen: @jukelennings of @PushSecurity on SAAS security talks to @SpecterOps - open.spotify.com/episode/6XQZtS…
What an advert for what the @PushSecurity team are building! securityweek.com/okta-hack-blam…
Employees are self-adopting SaaS apps and creating new cloud identities on their own. 💡 Consider Push to find these identities & guide employees to harden their accounts against attacks. Read the blog in the 🧵 👇 #identitysecurity #saassecurity #security #IAM #tprm
Attending #BlueHat? Don't miss Push's VP of Research @jukelennings speaking on the new SaaS cyber kill chain! #cybersecurity #saasattacks #saassecurity #infosec #security
Going to #hacktivity2023? Catch Push's Luke Jennings on Thursday, Oct 5 at 9am in the Security Dome! Link in 🧵 #SaaSsecurity #SaaSattacks #security #infosec
📣SPEAKER ANNOUNCEMENT📣 Our next #BlueHat speaker is Luke Jennings @jukelennings from Push Security! Luke will present a talk titled "The new SaaS cyber kill chain." 👏
Find out why SSO helps, but doesn't completely solve this problem Read the blog: bit.ly/3PPn4BQ
Credential stuffing: the most common attack against SaaS identities. 💥 Auth0 recently reported that credential stuffing accounts for *34% of overall traffic/authentication events on their platform.* Link in the 🧵! #credentialstuffing #saasattacks #identitysecurity #iam
Atos joins forces with @intigriti, the EU leading platform for #bugbounty and ethical hacking to offer an end-to-end service for organizations. But, what the hack is bug bounty? 🐛 And how can it help improve your digital security? Learn more 👇 spr.ly/6013yFgxP
PowerSaaS, you're saying, then? Will try to stop branding it, sorry...
I feel like shadow workflows are the closest equivalent of offensive PowerShell for the SaaS world. Check out the second post in my series on chaining SaaS attacks and come see me speak about this and a lot more at #44con on Thursday 14th September! pushsecurity.com/blog/nearly-in…
While OAuth scopes and third-party integrations provide seamless online user authentication, they also carry significant risk. 👀 Watch out for these common, dangerous scopes (more in the blog post, linked in 🧵!) #security #OAuth #thirdpartyrisk #tprm #sspm #casb #infosec
GM! Time to repost one of my favourite places on earth, Preston Bus Station.
Great interview with our CEO and co-founder @ajaybateman and @dspark on @CISOseries about "Securing identity in the age of self-service" "It's about creating a paved path for employees to walk..." Link in 🧵!
1/ I kinda accidentally owned myself with my own shadow workflow attack. I definitely think they are going to become a standard technique. I mean they are pretty much the offensive powershell of the SaaS world! So how did this happen?
🔎 Focus on account security to reduce SaaS risks 📑 Read our latest article to learn how to manage the risk of SaaS security, shadow IDs, identities, and accounts. Link in 🧵 #SaaSsecurity #shadowIT #shadowidentities #SaaSmanagement #SaaSsprawl #shadowaccounts
👋 New feature alert! Classify SaaS apps in the Push platform based on the sensitivity of the data they contain or the permissions they've been granted. Use the Approval status to capture your decision about an app -- is it in or out? Link in 🧵 #SaaSsecurity #security