Push

303 posts

@PushSecurity

A browser-based agent that detects and prevents identity breaches.

Joined November 2019
71 Following · 679 Followers
Pinned Tweet
Push@PushSecurity·
💡 Introducing a SaaS attack matrix of networkless SaaS attack techniques - These attacks bypass EDR and network detection 💬 #Pentesters #Redteams We’d love some comments or contributions for things you've tried on GitHub! Links in 🧵 #security #infosec #SaaSsecurity
Push@PushSecurity·
With Push, you get an OS and browser agnostic way to manage and remove browser extensions. With our latest feature, you can now also automatically block known-bad extensions from running in your environment. Read our guide to securing browser extensions hubs.li/Q045MP4-0
Push@PushSecurity·
The next evolution of ClickFix is here: InstallFix. Attackers distribute cloned Claude Code websites via malicious search ads. The pages contain fake instructions that trick victims into installing infostealer malware instead. Read the breakdown hubs.li/Q045TM6F0
Push@PushSecurity·
Most breaches now start in the cloud — no malware needed. Attackers exploit legit functionality, dump data, and demand ransom. The common thread? It all happens in the browser. See how these attacks work in the wild 👉hubs.li/Q045KBZv0
Push@PushSecurity·
ClickFix, FileFix & related browser attacks are up 517% in 6 months. Push now detects ClickFix, FileFix, and other browser-based attacks that copy malicious code and run it on the victim’s machine. Learn more: pushsecurity.com/blog/introduci…
Push@PushSecurity·
Attacks have moved away from endpoints and internal networks to the browser — a blind spot for traditional security tools. Read more below 👇 pushsecurity.com/blog/how-the-b…
Push@PushSecurity·
🚀 We’re thrilled to announce our $30M Series B led by @Redpoint, supercharging our mission to stop identity attacks 🚀 Check out the press release here: pushsecurity.com/news/push-secu…
Push@PushSecurity·
Have you signed up to see @jukelennings use OpenAI Operator to automate identity attacks? Watch the clip below to see how it responds when tasked with logging into apps using stolen credentials. Want to see more? Register for the webinar here 👇 pushsecurity.com/webinar/automa…
Push@PushSecurity·
We're ready for @BlackHatEvents Europe this week! Stop by booth 436 to chat with @ajaybateman, @jukelennings and the team about the rise in identity attacks – and how Push's browser-based ITDR solution gives defenders the advantage they need. We’ve got brand new swag too!
Push retweeted
Luke Jennings@jukelennings·
1/ A new class of phishing - how verification phishing and cross-idp impersonation can bypass your SSO. Here is a video demo, but this is one where you really need to read the full article too - pushsecurity.com/blog/a-new-cla… I'll summarize the key points in this thread.
Push@PushSecurity·
Are you at GrrCON? Join us tonight for an epic evening of delicious food, refreshing drinks, and fantastic networking. Spots are going quickly! Register now: lu.ma/grrconhappyhou…
Push@PushSecurity·
Ready to meet the REAL cookie monster? Join us on September 12th where @jukelennings will be compromising MFA-protected services by stealing session cookies and hijacking live sessions. Don’t miss out – register here: pushsecurity.com/webinar/infost…
Push@PushSecurity·
Don't miss out on our upcoming webinar where @jukelennings will be demoing infostealers, showing how to steal cookies and hijack sessions for MFA-protected services like M365 and downstream SaaS apps. Details below 👇 Pick a time and register here: pushsecurity.com/webinar/infost…
Push retweeted
Luke Jennings@jukelennings·
Some of my research on SaaS attacks, including ghost logins and other persistence vectors, made it on to @DarknetDiaries Achievement unlocked.
Push retweeted
Luke Jennings@jukelennings·
I wrote a blog post on the many defense mechanisms phishing kits are using to avoid discovery and analysis now. I used a recent instance of NakedPages and cover 9 different techniques, including Cloudflare Workers and Turnstile abuse. IOCs included. pushsecurity.com/blog/how-aitm-…
Push@PushSecurity·
Join us for happy hour with @sublime_sec on August 8! Grab a drink, have a bite, catch up with old friends (and make some new ones) at KUMI in Mandalay Bay! RSVP: lu.ma/bh24-sublime-p…
Push retweeted
Luke Jennings@jukelennings·
If you missed my Snowflake webinar yesterday and you’re impacted by the recent breach, you can check out this link to the demo segment from the webinar, where I show how to disable ghost logins in Snowflake. Remember, this is not just a Snowflake problem pushsecurity.com/resources/vide…
Push retweeted
The Hacker News@TheHackersNews·
Is the Snowflake breach, touted as the biggest in history, identity security’s WannaCry moment? Join Luke Jennings, VP R&D at @PushSecurity, to explore what Snowflake shows us about the complexity of the identity attack surface, and discuss the practical steps that organizations can take to investigate and respond effectively. Register for the webinar here: go.thn.li/snowflake-webi…
Push@PushSecurity·
The Snowflake breach will be for cloud identity attacks what WannaCry was for Ransomware. Join @jukelennings to explore the practical takeaways from the incident. Select the best time for you using the dropdown menu. pushsecurity.com/webinar/snowfl…
Push retweeted
Luke Jennings@jukelennings·
7/ Well, when we investigated, we discovered that if you enable SAML SSO for a Snowflake account for a local account with no MFA, the local password still works unless you explicitly create an authentication policy to prevent it.
Push retweeted
Luke Jennings@jukelennings·
1/ The ongoing Snowflake situation has made me realize just how dangerous ghost logins – a SaaS-based persistence technique that I coined last year – can be as an initial access vector. So what is a ghost login, exactly?