Push Security

💡 Introducing a SaaS attack matrix of networkless SaaS attack techniques - This is how attackers can own a company without touching the endpoint or the network - These networkless attacks bypass EDR and network detection We hope this helps defenders better understand the threats they face. 💬 #Pentesters #Redteams We’d love to some comments or contributions for things you've tried on GitHub! Links in 🧵 #security #infosec #SaaSsecurity #supplychainsecurity

We’ve just shipped a really exciting new feature – detecting and blocking phishing toolkits like Evinginx, EvilnoVNC, Modlishka, Muraena etc. I recorded a quick video overview of how it works below 👇 This combines well with some of the other features we’ve been working on like password pinning (stopping attempts to use SSO creds anywhere but the legit login page) and detecting cloned login pages (coming soon!). By creating a layered defense, we aim to detect and stop attacks at multiple stages of the phishing and credential abuse attack chain. Check out the blog and let us know what you think! https://lnkd.in/dxaFBTcs P.S. If you want to learn more about these attacks (and see some cool attack demos), @ Luke Jennings is running a webinar on June 11th – you can sign up for it here: https://lnkd.in/eabsaGy9

As MFA has become more ubiquitous, attackers have changed their approach to harvesting creds. Join us next week for a webinar, led by Luke Jennings, discussing the rise of Attacker in the Middle phishing toolkits. Learn about what they look like and how to detect & block them where they happen--in the browser. 🤓 Pick your preferred time slot and RSVP here: https://lnkd.in/gCaiNkBw

Blue Team Con 2024 is proud to announce Push Security as our Ultimate sponsor.

⚠️ How to stop SaaS attacks: An unmissable webinar from Push Security ⚠️ Join guest chair Simon Mair for this crucial webinar presented by Luke Jennings. Examine real-life examples of SaaS-native techniques and how they can be chained together as part of ‘networkless’ attacks to bypass company endpoints. 📅 Friday 7 June ⏰ 11am 💻 Online Register below for your chance to join us https://lnkd.in/eK6NAEdj #saas #cyberattacks #networklessattack #security

We had a great first day at Identiverse! Luke did an awesome job showcasing his research on SaaS-native attack techniques. There was a great turnout and we loved chatting afterwards! If you didn’t get a chance to speak to us, you can find us today and tomorrow at Kiosk #5 – come and say hi!  If you want to see more of Luke’s research you can check out our upcoming webinar on the 11th June, where he’ll be taking a deep-dive into AitM phishing toolkits, demonstrating how they work – and how you can detect and block them.  Sign up here: https://lnkd.in/gG3W69GD

Luke Jennings is running a webinar on June 11 talking about the rise of AitM phishing toolkits – showing how they work, and what blue teams can do to detect and block them. MFA has made traditional cred harvesting attacks less effective, so it’s no surprise that attackers are changing their approach. AitM gives attackers a way of stealing MFA secret tokens without needing to go down the infostealer route of dropping malware on the (usually well-protected) endpoint. This allows them to steal all the secrets associated with a login and hijack live sessions – naturally, it’s very powerful when targeting things like SSO. I’ve had a sneak preview of the attack demos using some of these toolkits that Luke is putting together and they are really cool – definitely not to be missed! 👏 We’d love to see you there – you can sign up here: https://lnkd.in/enp3K4M7

Make sure you don't miss out on our upcoming webinar with Luke Jennings where he'll be demoing the use of AitM phishing toolkits to compromise cloud identities! 😎 Luke will talk about why AitM toolkits are now the go-to for malicious phishing campaigns, and what you can do to prevent and detect these toolkits. There are a few different time slots to choose from so you can catch this wherever you are. See you there! ✌

We're heading to Identiverse next week! If you're attending, we'd love to catch up! (And if you're not, consider booking that last minute trip to Vegas?...) Luke will be delivering a technical masterclass, demonstrating how to own a business without touching the endpoint by targeting SaaS apps and identities. It's one definitely not to miss, particularly if you're up for a technical deep-dive into these techniques and how they can be chained together. You can also catch Maddie at the booth – or drop us a message if you'd like to grab a coffee and chat identity security!

We’re seeing a lot of focus right now on Adversary in the Middle (AitM) phishing attacks. It’s easy to understand why offensive security is heading in this direction in order to get around widespread MFA, with traditional password harvesting tools becoming less effective. AitM phishing lets attackers steal live authenticated sessions via proxy by taking a detour via the attacker’s device. Browser-in-the-Middle (BitM), a kind of sub-technique, takes this even further with the victim directly controlling the attacker’s own browser remotely using remote control services. This enables the attacker to harvest not just the username and password, but all other associated secrets and tokens that go along with the login. It’s really important we build awareness of toolkits being used in modern phishing campaigns like Evilginx, EvilnoVNC, Modlishka, Muraena, Evilproxy… the list goes on. We’ve got some really cool feature updates coming up that I can’t wait to share, showing how we’re tackling these toolkits in the browser. More on that soon! In the meantime, Luke Jennings has published some awesome research into AitM toolkits which I really recommend you check out if you want to learn more about these attacks and how you can stop them: https://lnkd.in/eyUnkwWU Also, shout outs to some other great research in this space: – Lab539 – detecting sites running AitM tooling even before they’re used for the first time (a big improvement on typical blocklisting approaches!) https://lnkd.in/eW8wHNK5 – Thinkst Canary – detecting when your website or login portal is cloned to be used in a phishing attack https://lnkd.in/eB27G6b7 #aitm #phishing #identity #identityattacks #redteam #blueteam