p0 Labs (@p0labs)'s Twitter Profile
p0 Labs

@p0labs

Cloud Threat Research and Detection Engineering is our Priority Zero (p0) at Permiso Security.

ID: 1506319063261368328

https://permiso.io/blog

22-03-2022 17:18:23

34 Tweet

106 Followers

32 Following

Daniel Bohannon (@danielhbohannon)

I'm super excited to announce that I've joined Permiso Security as a Principal Security Researcher! Stoked to be reunited with the fiercely fun & technical 1aN0rmus on the p0 Labs research team. Several weeks in & I'm super impressed by the team, tools, data & capabilities.

Nick Carr (@itsreallynick)

.1aN0rmus & the Permiso Security p0 Labs team get it. This time showing you how older techniques like HIST* mods can be combined with new signal to hunt for credential harvesting campaigns $hist1 = "HISTSIZE=0" $hist2 = "unset HISTFILE" 🆕 permiso.io/blog/s/christm… 🎅

p0 Labs (@p0labs)

Check out some of the great research from the Permiso Security p0 Labs team from last year:
1. #Okta Impersonation: permiso.io/blog/s/down-wi…
2. Anatomy of an #AWS attack: permiso.io/blog/s/anatomy…
3. #Cloud Cred Harvesting: permiso.io/blog/s/christm…
... and more!

Noah McDonald (@theiceroot)

Permiso Security & Expel both writing a blog within a week of each other explaining how threat actors are exploiting the Simple Email Service (SES) within #aws. Please read and learn from these articles! permiso.io/blog/s/aws-ses… #cloud #threatdetection

Marco Lancini (@lancinimarco)

🔖 Cloud Cred Harvesting Campaign A credential harvesting campaign targeting cloud infrastructure. The majority of the victim systems were running public-facing Jupyter Notebooks. From Permiso Security permiso.io/blog/s/christm…

Marco Lancini (@lancinimarco)

🔖 SES-pionage What do attackers do with exposed AWS access keys? This blog looks inside AWS SES to give deeper insights into the service, why & how it's targeted and how to detect it. From Permiso Security permiso.io/blog/s/aws-ses…

1aN0rmus (@tekdefense)

Compromised Access Keys aren't the only vector for #cloud Attacks. Check out our (Permiso Security) latest article where we detail an ongoing watering hole attack targeting #AWS management console users via #google ads. permiso.io/blog/s/waterin…

1aN0rmus (@tekdefense)

2022 was a great year for the Permiso Security p0 Labs team. Hundreds of hours dedicated to researching, detecting, and helping our clients respond to #cloud attacks. Here are some of our observations: permiso.io/blog/s/permiso…

1aN0rmus (@tekdefense)

Last week we Permiso Security wrote an article permiso.io/blog/s/waterin… speaking to a #google ads phishing campaign targeting #brazilian #AWS users. Tom Hegel discovered the next phase of the attackers' campaign, catch the details from the SentinelOne team sentinelone.com/blog/cloud-cre…

1aN0rmus (@tekdefense)

Keep an eye out for usage of deprecated #AWS policies. Bleon Proko makes his Permiso Security p0 Labs blog debut talking about the dangers of the deprecated policy AmazonEC2RoleforSSM permiso.io/blog/s/depreca…

1aN0rmus (@tekdefense)

Here Permiso Security the focus is on detection of #identity and #cloud threat activity. #Detection can be an art form with various methodologies. In this article we describe our approach to detection using AndroxGh0st and GreenBot as an example! permiso.io/blog/s/approac…

SentinelLabs (@labssentinel)

New joint release with our friends at Permiso Security / p0 Labs 👇 AWS-Targeting Cred Stealer Expands to Azure, GCP 💜 s1.ai/cloudcreds 💜 permiso.io/blog/s/agile-a… Alex Delamotte 1aN0rmus Daniel Bohannon #ThreatIntel

1aN0rmus (@tekdefense)

Beware of LUCR-3! 🚨 Threat actor that overlaps with Scattered Spider, Oktapus, UNC3944, & STORM-0875, they exploit IDPs for initial access & aim to steal IP for extortion. They use victims' tools and evade detection with expertise. Permiso Security permiso.io/blog/lucr-3-sc…

Nick Carr (@itsreallynick)

Excellent 🆕blog from Permiso Security on the most disruptive criminal intrusion set we're all working on. Blog details evasive techniques scattered across SaaS & multi-cloud environments.

Nick Carr (@itsreallynick)

📴Hopefully your org doesn't allow SMS for 2FA (especially for privileged accounts in Azure AD). Don't stop at disabling it. Monitor for threat actors trying to modify it. Nice transparency into threat actor tampering & recommendations 1aN0rmus/p0 Labs 📰Full blog:

Melinda Marks (@melindamarks)

An area needing attention for protecting modern applications against threats👇 -access via IDP identities -LUCR-3 uses SaaS applications to learn how the victim organization operates and how to access sensitive information."  #cloudsecurity #iam #sspm #appsec Permiso Security