Push (@pushsecurity) 's Twitter Profile
Push

@pushsecurity

A browser-based agent that detects and prevents identity breaches.

ID: 1193039287249494016

linkhttps://pushsecurity.com calendar_today09-11-2019 05:36:02

298 Tweet

510 Followers

70 Following

Push (@pushsecurity) 's Twitter Profile Photo

Detecting phishing sites that constantly change can feel like trying to hit a moving target. We're taking a different approach by detecting (and blocking!) phishing in the browser by preventing creds being entered anywhere except legit login pages. pushsecurity.com/blog/introduci…

Push (@pushsecurity) 's Twitter Profile Photo

Check out our latest case study from Upvest! A major draw for Upvest was the power of our browser extension for identity threat detection and response, which we’re not seeing many other orgs in the ITDR space make use of. Read here: pushsecurity.com/resources/cust…

Check out our latest case study from Upvest! A major draw for Upvest was the power of our browser extension for identity threat detection and response, which we’re not seeing many other orgs in the ITDR space make use of. Read here: pushsecurity.com/resources/cust…
Push (@pushsecurity) 's Twitter Profile Photo

Are you heading to Identiverse next week? Luke Jennings will be delivering a technical masterclass demonstrating how to own a business without touching the endpoint, by targeting SaaS apps and identities. Don't miss it!

Are you heading to Identiverse next week? <a href="/jukelennings/">Luke Jennings</a> will be delivering a technical masterclass demonstrating how to own a business without touching the endpoint, by targeting SaaS apps and identities. Don't miss it!
Push (@pushsecurity) 's Twitter Profile Photo

Check out our upcoming webinar with Luke Jennings where he'll be demoing the use of AitM phishing toolkits to compromise cloud identities! 😎 There are a few different time slots to choose from so you can catch this wherever you are. app.livestorm.co/push/phishing?…

Check out our upcoming webinar with <a href="/jukelennings/">Luke Jennings</a> where he'll be demoing the use of AitM phishing toolkits to compromise cloud identities! 😎 

There are a few different time slots to choose from so you can catch this wherever you are.

app.livestorm.co/push/phishing?…
Luke Jennings (@jukelennings) 's Twitter Profile Photo

1/ The ongoing Snowflake situation has made me realize just how dangerous ghost logins – a SaaS-based persistence technique that I coined last year – can be as an initial access vector. So what is a ghost login, exactly?

Luke Jennings (@jukelennings) 's Twitter Profile Photo

7/ Well, when we investigated, we discovered that if you enable SAML SSO for a Snowflake account for a local account with no MFA, the local password still works unless you explicitly create an authentication policy to prevent it.

Push (@pushsecurity) 's Twitter Profile Photo

The Snowflake breach will be for cloud identity attacks what WannaCry was for Ransomware. Join Luke Jennings to explore the practical takeaways from the incident. Select the best time for you using the dropdown menu. pushsecurity.com/webinar/snowfl…

The Snowflake breach will be for cloud identity attacks what WannaCry was for Ransomware.

Join <a href="/jukelennings/">Luke Jennings</a> to explore the practical takeaways from the incident.

Select the best time for you using the dropdown menu.

pushsecurity.com/webinar/snowfl…
The Hacker News (@thehackersnews) 's Twitter Profile Photo

Is the Snowflake breach, touted as the biggest in history, identity security’s WannaCry moment? Join Luke Jennings, VP R&D at Push, to explore what Snowflake shows us about the complexity of the identity attack surface, and discuss the practical steps that

Is the Snowflake breach, touted as the biggest in history, identity security’s WannaCry moment? 

Join Luke Jennings, VP R&amp;D at <a href="/PushSecurity/">Push</a>, to explore what Snowflake shows us about the complexity of the identity attack surface, and discuss the practical steps that
Luke Jennings (@jukelennings) 's Twitter Profile Photo

If you missed my Snowflake webinar yesterday and you’re impacted by the recent breach, you can check out this link to the demo segment from the webinar, where I show how to disable ghost logins in Snowflake. Remember, this is not just a Snowflake problem pushsecurity.com/resources/vide…

Push (@pushsecurity) 's Twitter Profile Photo

Join us for happy hour with Sublime Security on August 8! Grab a drink, have a bite, catch up with old friends (and make some new ones) at KUMI in Mandalay Bay! RSVP: lu.ma/bh24-sublime-p…

Join us for happy hour with <a href="/sublime_sec/">Sublime Security</a> on August 8! Grab a drink, have a bite, catch up with old friends (and make some new ones) at KUMI in Mandalay Bay!

RSVP: lu.ma/bh24-sublime-p…
Luke Jennings (@jukelennings) 's Twitter Profile Photo

I wrote a blog post on the many defense mechanisms phishing kits are using to avoid discovery and analysis now. I used a recent instance of NakedPages and cover 9 different techniques, including Cloudflare Workers and Turnstile abuse. IOCs included. pushsecurity.com/blog/how-aitm-…

Push (@pushsecurity) 's Twitter Profile Photo

Don't miss out on our upcoming webinar where Luke Jennings will be demoing infostealers, showing how to steal cookies and hijack sessions for MFA-protected services like M365 and downstream SaaS apps. Details below 👇 Pick a time and register here: pushsecurity.com/webinar/infost…

Don't miss out on our upcoming webinar where <a href="/jukelennings/">Luke Jennings</a> will be demoing infostealers, showing how to steal cookies and hijack sessions for MFA-protected services like M365 and downstream SaaS apps. Details below 👇 

Pick a time and register here: pushsecurity.com/webinar/infost…
Push (@pushsecurity) 's Twitter Profile Photo

Ready to meet the REAL cookie monster? Join us on September 12th where Luke Jennings will be compromising MFA-protected services by stealing session cookies and hijacking live sessions. Don’t miss out – register here: pushsecurity.com/webinar/infost…

Ready to meet the REAL cookie monster?

Join us on September 12th where <a href="/jukelennings/">Luke Jennings</a> will be compromising MFA-protected services by stealing session cookies and hijacking live sessions.

Don’t miss out – register here: pushsecurity.com/webinar/infost…
Push (@pushsecurity) 's Twitter Profile Photo

Are you at GrrCON? Join us tonight for an epic evening of delicious food, refreshing drinks, and fantastic networking. Spots are going quickly! Register now: lu.ma/grrconhappyhou…

Luke Jennings (@jukelennings) 's Twitter Profile Photo

1/ A new class of phishing - how verification phishing and cross-idp impersonation can bypass your SSO. Here is a video demo, but this is one where you really need to read the full article too - pushsecurity.com/blog/a-new-cla… I'll summarize the key points in this thread.

Push (@pushsecurity) 's Twitter Profile Photo

We're ready for Black Hat Europe this week! Stop by booth 436 to chat with Adam Bateman //O, Luke Jennings and the team about the rise in identity attacks – and how Push's browser-based ITDR solution gives defenders the advantage they need. We’ve got brand new swag too!

We're ready for <a href="/BlackHatEvents/">Black Hat</a> Europe this week!

Stop by booth 436 to chat with <a href="/ajaybateman/">Adam Bateman //O</a>, <a href="/jukelennings/">Luke Jennings</a> and the team about the rise in identity attacks – and how Push's browser-based ITDR solution gives defenders the advantage they need. 
 
We’ve got brand new swag too!
Push (@pushsecurity) 's Twitter Profile Photo

Have you signed up to see Luke Jennings use OpenAI Operator to automate identity attacks? Watch the clip below to see how it responds when tasked with logging into apps using stolen credentials. Want to see more? Register for the webinar here 👇 pushsecurity.com/webinar/automa…

Push (@pushsecurity) 's Twitter Profile Photo

🚀 We’re thrilled to announce our $30M Series B led by Redpoint, supercharging our mission to stop identity attacks 🚀 Check out the press release here: pushsecurity.com/news/push-secu…

Push (@pushsecurity) 's Twitter Profile Photo

Attacks have moved away from endpoints and internal networks to the browser — a blind spot for traditional security tools. Read more below 👇 pushsecurity.com/blog/how-the-b…