Andy

36 posts

@andy_waugh

London, joined May 2009
118 Following, 86 Followers
Andy retweeted
Luke Jennings (@jukelennings)
I’ve just released some research into 38 SaaS-native attack techniques across the kill chain and produced a SaaS attack matrix to go along with it. github.com/pushsecurity/s… This is just the beginning but my hope is this will become an ongoing community project.
Andy retweeted
Jon Sakoda (@jonsakoda)
Excited to share our investment in @PushSecurity - a new company that uses AI to help users protect themselves while using SaaS apps. Push gives security teams peace of mind and empowers every user to be a defensive force in the fight against cybercrime: decibel.vc/content/push-s…
Andy retweeted
Push (@PushSecurity)
Thx to @techcrunch for covering our seed funding! "Push is designed to support SaaS usage, & make it more secure. '...by working directly w/employees, we can build mutual trust over time and let them use the tools they want without raising alarm bells.'" buff.ly/3cpy7QG
Andy retweeted
Push (@PushSecurity)
Product release! You can now use the Push platform to discover SaaS used in your organization, secure the accounts used on those SaaS platforms, find risky third-party integrations, and use ChatOps to solve problems at scale. buff.ly/3RNq1lo #SaaSsecurity #cloudsecurity
Andy retweeted
Interrupt Labs (@InterruptLabs)
Looking for a new role or career change in 2022? 🎆 We're always looking for skilled or developing vulnerability researchers to join our team! 👩‍💻👨‍💻 interruptlabs.co.uk/careers/
Andy (@andy_waugh)
@MsftSecIntel What kind of impact has publisher verification had on consent phishing? It would be interesting to see stats on how many come from verified publishers today (i.e. accounts in those tenants get compromised) vs. attackers targeting tenants with weak settings for users.
Microsoft Threat Intelligence (@MsftSecIntel)
Microsoft Defender for Office 365 protects against consent phishing emails using advanced filtering backed by machine learning, IP and URL reputation systems, and experts constantly monitoring the threat landscape, including the use of OAuth 2.0 URLs: docs.microsoft.com/en-us/microsof…
Microsoft Threat Intelligence (@MsftSecIntel)
Consent phishing attacks, which aim to trick users into granting malicious cloud apps access to sensitive data, are steadily increasing. Microsoft provides comprehensive protection against these attacks by coordinating defense across multiple solutions. microsoft.com/security/blog/…
Andy retweeted
Push (@PushSecurity)
In his latest blog Alex Triaca says: "And just like that you’ve been consent phished. You’ve just granted the attackers permanent access to your account, which they retain even if you change your password or have MFA enabled." bit.ly/3eDLY4u
Andy retweeted
Jacques Louw (@jacques_sec)
I started reviewing OAuth tokens for users in Google Workspace. It turned out to be non-trivial. I wrote a blog post about it, hopefully it saves someone some time! pushsecurity.com/s?c=oauth-toke…
Andy retweeted
Push (@PushSecurity)
'Malicious mail rules' are a popular attack technique used to backdoor a user's inbox after a successful account compromise. Check our free tool that can knock this control off your to-do list in under two minutes! bit.ly/2TXy2La #emailsecurity #Office365 #gsuite
Andy (@andy_waugh)
Really clear breakdown of what’s included in each M365 license 👌 m365maps.com @AaronDinnage - thanks! This is super useful.
Andy (@andy_waugh)
Anyone aware of any instances of consent phishing for Slack? Or anything other than 365? Send me some links if so pls!
Andy retweeted
Microsoft Threat Intelligence (@MsftSecIntel)
New blog: Attackers used a large cloud-based infrastructure to compromise mailboxes via phishing then add forwarding rules that allowed them to get access to emails. Learn how cross-domain threat data led to the discovery & disruption of this BEC campaign. msft.it/6015nERcZ
Andy (@andy_waugh)
Note to self: search for less profitable keywords
Andy (@andy_waugh)
Came across "security conversations" podcast yday by @ryanaraine . Listened to a few now, fits the bill nicely, some really interesting episodes - would recommend!
Andy (@andy_waugh)
Can anyone recommend security podcasts that are NOT news-based? Seems to be plenty of "this week in cyber" but I'd like to hear something different. Like, war stories or "here's how we tried to fix this problem and what we learned along the way" from a sec team etc.
Andy (@andy_waugh)
@paulg I don't know man...seems like pretty important information to me.
Paul Graham (@paulg)
"It's pronounced like 'war'." — Useless advice from an English friend on the pronunciation of "Waugh"
Andy (@andy_waugh)
@publidave @dayzerosec Thanks I'll check it out! And definitely let me know if you do start something, sounds exactly like what I'm interested in 👌