🔥Telegram İfşa

Join us at #SANSHackFest when Bleon Proko & Andrew Kraut discuss bypassing AWSCompromisedKeyQuarantineV2. Learn how attackers can still escalate, persist, and wreak havoc even after credentials are leaked. ➡️ View Agenda & Save Your Spot: sans.org/u/1vBt #CloudSecurity

Incredible Day 2 talks /fol: Yarden Shafir Taylor Lee Leswee LLC @markofu Kevin Ott x jon Bleon Proko Jason Ostrom x Chris Lo Tracecat Alyse My honest Irish/Dutch opinion, 10/10 💎 every talk, the entire exp; hoping for another summit in the future in LA 💜

Thank you Clint Gibler for sharing the blog and the tool. Hope people like it.

VIDEO: BSidesNYC 2024 - Breaking free from the chains of fate – Bypassing AWSCompromisedKeyQuarantineV2 Policy - Bleon Proko Bleon Proko Opie Opie Permiso Security youtu.be/fYwG0s9uY0w?li… #BSidesNYC #BSidesNYC #BsidesNYC2024 #bsidesnyc0x04 #cybersecurity #InfoSec #AWS

Now at WWHF Bleon Proko is going over DetentionDodger, a tool designed to find users whose credentials have been leaked/compromised and the impact they have on the target. github.com/Permiso-io-too…

Last week I had the pleasure of meeting / spending time with various cyber heroes, including Chris Spehn Olaf Hartong @subTee Keith Bleon Proko Cat at #wwhf - give them a follow if you aren't already! #ff

As part of recapping the TEN open-source tools Permiso launched in 2024, today we're covering #YetiHunter! YetiHunter was developed by Bleon Proko and 1aN0rmus to help security teams detect and hunt for suspicious activity in Snowflake environments. It includes indicators

Thank you AWS Security Digest for including AWS Quarantine Policy Bypass article in your issues (issue #182). Happy to have one of my articles be endorsed by you.

Check out Bleon Proko 's talk, "Encrypting Buckets for Compliance and Ransom - How Attackers Can Use KMS to Ransomware S3 Buckets," from Wild West Hackin' Fest @ Mile High 2025! Grab yer tickets for WWHF - Deadwood 2025! --> wildwesthackinfest.com/wild-west-hack… youtube.com/watch?v=g-sHkS…

We are incredibly honored to be named the winner of The Most Promising Early Stage Start Up category in the SC Media SC Awards. This is a great testament to the hard work of the entire Permiso team, and the value our customers see in our solution. scworld.com/news/sc-awards…

#HuntingTipOfTheDay: explorer.exe /root,"c:/your/file.exe" will spawn your exe from the main explorer.exe, not a new one. This breaks normal process chains. Hunt for explorer.exe with "/root", as well as explorer spawning unusual children (e.g. rundll32, mshta, powershell).

Triage shouldn’t be the majority of your SOC’s time and effort. See how AI slashes false positives, speeds up alert handling, and delivers better context for every analyst tier. Read the blog: exaforce.com/blogs/fixing-t… #CyberSecurity #SOC #AI #SecOps #IncidentResponse

The s1ngularity supply-chain attack compromised npm Nx packages, stealing sensitive developer assets. Exaforce confirmed zero customer impact & added new risk rules proactively. Read more: exaforce.com/blogs/s1ngular…

New research: Attackers slipped malicious code into popular NPM packages to hijack crypto wallets. Bleon Proko dives deep into how it worked & what to do next: bit.ly/3V7xbDS #SupplyChainSecurity #NPM #Crypto

New research from Bleon Proko: Ghost in the Script Attackers can abuse hidden Google Apps Script projects to persist in GCP. Learn how the technique works and how to detect it. Read more: bit.ly/3I6v4gv

New from GigaOm: The 2025 Radar for SecOps Automation is here. Discover how AI-driven automation is transforming SOC workflows, market leaders, and what’s next for the SOC. Read the full report: exaforce.com/downloads/giga… #SecOps #AISOC #CyberSecurity

New research, this time on abusing AWS CloudControl API as an attack tool, with a very nice persistence mechanism

Thrilled to announce that Exaforce has been selected for the 2025 AWS Generative AI Accelerator! 🚀 AWS Startups #AWS #AWSStartups #GenerativeAI #AWSAccelerator #AISOC

🧠 “Can I just vibe-code an AI SOC?” “If you’re starting from scratch - building data platforms + layers, that might not be worth it.” — Ariful Huq Exaforce Tools ≠ architecture. 🎙 Cloud Security Podcast #AISecurity #SOC

A new research where I take a look into how logs can be used as an attack tool.