BeyondTrust Phantom Labs™

Using advanced graph modeling, #PhantomLabs researchers map attack paths to privileged access across cloud & on-premises infrastructure. Learn more about how we're shaping the future of identity security below. ➡️ lnkd.in/dppHhXut #IdentitySecurity #ThreatResearch

Breaking: Newly uncovered OpenAI Codex vuln enables command injection via GitHub branch names in task creation requests. Attackers could steal GitHub user access tokens & sensitive data. Full breakdown by Tyler Jespersen: lnkd.in/ewdTaiEa #OpenAI #BTPhantomLabs

Heading to Seattle BSides next week? Don’t miss Sergio Garcia’s talk on the real identity attack surface and risks hidden in Bedrock. Live demo + detection. Feb 28 @ 2 PM. Event schedule: lnkd.in/eKfKF5We #Bsides #Bedrock

Heading to Seattle BSides next month? Don’t miss Sergio Garcia’s talk on the real identity attack surface and risks hidden in Bedrock. Live demo + detection. Feb 28 @ 2 PM. Event schedule: lnkd.in/eKfKF5We #Bsides #Bedrock

AI agents are the next big attack surface 🤖 Watch Phantom Labs break down how enterprise agents get hijacked to leak secrets and access cloud infrastructure, even with controls in place. Free, on-demand webinar. beyondtrust.com/webinars/ai-ha… #AI #AgenticAI

Wise words from @MadhavLifeLab 👇

@MadhavLifeLab @DarkReading Be sure to follow Phantom Labs for even more quick tips this #CybersecurityAwarenessMonth!

- Global Session Cookies are NOT set to persist across browser session (to prevent long-lived authentication tokens). For a more detailed breakdown, check out @MadhavLifeLab's recent article for @DarkReading : darkreading.com/identity-acces…

Secure your #Okta session policies with these 4 actionable tips (a thread) ⬇️ Misconfigurations within your global session policies can allow risky sessions and weaken access controls. Make sure that you check the following:

Quick way to do passive Okta reconnaissance against an organization is by targeting the organization's metadata endpoint (.well-known/okta-organization). Here's an example using Curl:

Dive straight in → lnkd.in/eBq8ZJKf In @gymR4T's latest article for @DarkReading, Fletcher takes a closer look at why identity security strategies need a systemwide rethink, and where to start... Link above! #IdentitySecurity

Another great piece from @kidtronnix! 👏

From guest access to Entra Admin in NINE steps?! Our research team recently exposed the “Evil VM” attack path - a new way attackers can hijack Azure VMs, steal PRTs, and take over your environment. Here's the 9 steps ⇾ lnkd.in/erv5Wh9u #EntraID #ZeroTrust

In this post recently published on @DarkReading, we take a closer look at getting the most out of CloudTrail. Read now ⇾ lnkd.in/e-Rfjxx2 #AWS #CloudTrail

New blog from Phantom Labs🔥 Discover how Longitudinal Data Analysis (LDA) helps enhance detecting threats by identifying privilege and pattern changes over time! beyondtrust.com/blog/entry/lon…

Your certificate problems don’t end at the domain controller. In his #SOCON2025 presentation @gymR4T is exploring techniques to weaponize ADCS to gain access to the cloud through certificate template abuse and enrollment service manipulation.

At the CloudSecNext Summit 2024, the Director of BeyondTrust Research presented about identity defense in depth, and common control anti-patterns that subvert it.

Fresh off the press! One of our security researchers discusses Entra ID app escalations along with a script to perform these actions. Blog: beyondtrust.com/blog/entry/ent… Github: github.com/beyondtrust/re…

Just released my ADCS PART 2 intro blog series into attacking ESC4 and some simple mitigations/detections you can look for when investigating this domain escalation path as well as a demo into the @BeyondTrust insights identity product picking up this attack…enjoy beyondtrust.com/blog/entry/esc…