p0 Labs

34 posts

p0 Labs

@P0Labs

Cloud Threat Research and Detection Engineering is our Priority Zero (p0) at Permiso Security.

เข้าร่วม Mart 2022

31 กำลังติดตาม105 ผู้ติดตาม

p0 Labs รีทวีตแล้ว

Melinda Marks@melindamarks·21 Eyl

An area needing attention for protecting modern applications against threats👇 -access via IDP identities -LUCR-3 uses SaaS applications to learn how the victim organization operates and how to access sensitive information." #cloudsecurity #iam #sspm #appsec @permisosecurity

1aN0rmus@TekDefense

Beware of LUCR-3! 🚨 Threat actor that overlaps with Scattered Spider, Oktapus, UNC3944, & STORM-0875, they exploit IDPs for initial access & aim to steal IP for extortion. They use victims' tools and evade detection with expertise. @permisosecurity permiso.io/blog/lucr-3-sc…

English

615

p0 Labs รีทวีตแล้ว

SwiftOnSecurity@SwiftOnSecurity·21 Eyl

An iPhone user suddenly having an Android is 🚨

J⩜⃝mie Williams@jamieantisocial

I really appreciate the way this report clearly translates offensive tradecraft into defensive ideas

English

463

119.7K

p0 Labs รีทวีตแล้ว

David Longenecker@dnlongen·21 Eyl

Dadgum, this is a good and content-rich read. Lots of crisp TTPs to consider detections for. permiso.io/blog/lucr-3-sc… // hat tip @permisosecurity @TekDefense

English

399

p0 Labs รีทวีตแล้ว

SentinelLabs@LabsSentinel·13 Tem

New joint release with our friends at @permisosecurity / @P0Labs 👇 AWS-Targeting Cred Stealer Expands to Azure, GCP 💜 s1.ai/cloudcreds 💜 permiso.io/blog/s/agile-a… @spiderspiders_ @TekDefense @danielhbohannon #ThreatIntel

English

p0 Labs รีทวีตแล้ว

1aN0rmus@TekDefense·20 Eyl

English

150

86.8K

p0 Labs รีทวีตแล้ว

Nick Carr@ItsReallyNick·20 Eyl

📴Hopefully your org doesn't allow SMS for 2FA (especially for privileged accounts in Azure AD). Don't stop at disabling it. Monitor for threat actors trying to modify it. Nice transparency into threat actor tampering & recommendations @TekDefense/@p0Labs 📰Full blog: permiso.io/blog/lucr-3-sc…

English

4.3K

p0 Labs รีทวีตแล้ว

Nick Carr@ItsReallyNick·20 Eyl

Excellent 🆕blog from @permisosecurity on the most disruptive criminal intrusion set we're all working on. Blog details evasive techniques scattered across SaaS & multi-cloud environments.

1aN0rmus@TekDefense

English

123

36.1K

p0 Labs รีทวีตแล้ว

1aN0rmus@TekDefense·15 Şub

Keep an eye out for usage of deprecated #AWS policies. @gl4ssesbo1 makes his @permisosecurity @P0Labs blog debut talking about the dangers of the deprecated policy AmazonEC2RoleforSSM permiso.io/blog/s/depreca…

English

1.8K

p0 Labs รีทวีตแล้ว

1aN0rmus@TekDefense·23 Şub

Here @permisosecurity the focus is on detection of #identity and #cloud threat activity. #Detection can be an art form with various methodologies. In this article we describe our approach to detection using AndroxGh0st and GreenBot as an example! permiso.io/blog/s/approac…

English

1.6K

p0 Labs รีทวีตแล้ว

Nick Carr@ItsReallyNick·2 Oca

.@TekDefense & the @permisosecurity p0 Labs team get it. This time showing you how older techniques like HIST* mods can be combined with new signal to hunt for credential harvesting campaigns $hist1 = "HISTSIZE=0" $hist2 = "unset HISTFILE" 🆕 permiso.io/blog/s/christm… 🎅

Nick Carr@ItsReallyNick

Linux #DFIR reminders: 1⃣ Trojanized binaries are still a popular Linux infection vector - along with classics like web shells, tunnelers, & simple bash scripts 2⃣ HISTFILE modification behavior is suspicious - and detection may be as simple as HISTFILE string in ELF binaries

English

6.9K

p0 Labs รีทวีตแล้ว

Marco Lancini@lancinimarco·13 Oca

🔖 Cloud Cred Harvesting Campaign A credential harvesting campaign targeting cloud infrastructure. The majority of the victim system were running public facing Juptyer Notebooks. From @permisosecurity permiso.io/blog/s/christm…

English

663

p0 Labs รีทวีตแล้ว

Noah McDonald@TheIceRoot·12 Oca

@permisosecurity & @ExpelSecurity both writing a blog within a week of each other explaining how threat actors are exploiting the Simple Email Service (SES) within #aws. Please read and learn from these articles! permiso.io/blog/s/aws-ses… #cloud #threatdetection

English

276

p0 Labs รีทวีตแล้ว

Marco Lancini@lancinimarco·19 Oca

🔖 SES-pionage What do attackers do with exposed AWS access keys? This blog looks inside AWS SES to give deeper insights into the service, why & how its targeted and how to detect it. From @permisosecurity permiso.io/blog/s/aws-ses…

English

711

p0 Labs รีทวีตแล้ว

1aN0rmus@TekDefense·3 Şub

Meet the @P0Labs team: #pixelart version. #FollowFriday @permisosecurity @Security_Nate @danielhbohannon @gl4ssesbo1 @akraut

English

2.7K

p0 Labs รีทวีตแล้ว

William Toll@utollwi·8 Şub

Cloud Apps Still Demand Way More Privileges Than They Use darkreading.com/tech-trends/cl… via @darkreading @permisosecurity #CSPM #AppSec

English

332

p0 Labs รีทวีตแล้ว

1aN0rmus@TekDefense·10 Şub

Last week we @permisosecurity wrote an article permiso.io/blog/s/waterin… speaking to a #google ads phishing campaign targeting #brazilian #AWS users. @TomHegel discovered the next phase of the attackers campaign, catch the details from the @SentinelOne team sentinelone.com/blog/cloud-cre…

English

533

p0 Labs รีทวีตแล้ว

1aN0rmus@TekDefense·6 Şub

2022 was a great year for the @permisosecurity @P0Labs team. Hundreds of hours dedicated to researching, detecting, and helping our clients responds to #cloud attacks. Here are some of our observations: permiso.io/blog/s/permiso…

English

614

p0 Labs รีทวีตแล้ว

1aN0rmus@TekDefense·31 Oca

Compromised Access Keys aren't the only vector for #cloud Attacks. Checkout our (@permisosecurity ) latest article where we detail an ongoing wateringhole attack targeting #AWS management console users via #google ads. permiso.io/blog/s/waterin…

English

843

p0 Labs@P0Labs·4 Oca

Checkout some of the great research from the @permisosecurity @P0Labs team from last year: 1. #Okta Impersonation: permiso.io/blog/s/down-wi… 2. Anatomy of an #AWS attack: permiso.io/blog/s/anatomy… 3. #Cloud Cred Harvesting: permiso.io/blog/s/christm… ... and more!

English

417

p0 Labs รีทวีตแล้ว

Daniel Bohannon@danielhbohannon·6 Ara

I'm super excited to announce that I've joined @permisosecurity as a Principal Security Researcher! Stoked to be reunited with the fiercely fun & technical @TekDefense on the @P0Labs research team. Several weeks in & I'm super impressed by the team, tools, data & capabilities.

English

ค้นพบ

@permisosecurity @TekDefense @spiderspiders_ @danielhbohannon @gl4ssesbo1 @ExpelSecurity @akraut @darkreading