pushsecurity/saas-attacks
Offensive security drives defensive security. We're sharing a collection of SaaS attack techniques to help defenders understand the threats they face. #nolockdown
https://pushsecurity.com/blog/saas-attack-techniques/
Creative Commons Attribution 4.0 International
937 stars, 61 forks
issues
Updating ghost logins with initial access discussion and snowflake re…
#73
jukelennings
closed
3 days ago
0
Add initial access phase for ghost logins
#72
jukelennings
closed
3 days ago
0
70 add session theft as a technique
#71
jukelennings
closed
3 weeks ago
0
Add session theft as a technique
#70
jukelennings
closed
3 weeks ago
0
Example of either in-app phishing or link backdooring
#69
jukelennings
opened
3 weeks ago
0
Add new technique based on monday.com legit email abuse
#68
jukelennings
opened
3 weeks ago
0
Add MFA downgrade attack as a technique
#67
jukelennings
opened
3 weeks ago
0
Adding in-app phishing example for github with additional trick for h…
#66
jukelennings
closed
2 months ago
0
Add example for in-app phishing of GitHub using trick to host files on GitHub repos you do not control
#65
jukelennings
closed
2 months ago
0
Adding Guest user access misconfiguration
#64
CharanRoot
opened
2 months ago
1
Add breach table to list real-world breaches where SaaS attack techniques have been used
#63
jukelennings
opened
2 months ago
0
Adding device enrollment technique
#62
jukelennings
closed
3 months ago
0
Device Enrollment technique
#61
jukelennings
closed
3 months ago
0
Adding aitm phishing technique
#60
jukelennings
closed
3 months ago
0
58 add password manager extraction examples to password scraping technique
#59
jukelennings
closed
3 months ago
0
Add password manager extraction examples to password scraping technique
#58
jukelennings
closed
3 months ago
0
Adding octo tempest/scattered spider reference to real-world use of s…
#57
jukelennings
closed
5 months ago
0
Shadow workflow reference for use of Fivetran by Scattered Spider
#56
jukelennings
closed
5 months ago
0
Adding references to microsoft oauth attacks blog
#55
jukelennings
closed
6 months ago
0
Add references for recent Microsoft report on OAuth attacks
#54
jukelennings
closed
6 months ago
0
Potential new technique - kubernetes resource injection
#53
Esonhugh
opened
6 months ago
0
Adding Okta SWA example
#52
jukelennings
closed
7 months ago
0
Add okta swa example for password scraping
#51
jukelennings
closed
7 months ago
0
Minor fixes
#50
JunaidLoonat
closed
7 months ago
0
adding inbound federation
#49
jukelennings
closed
8 months ago
0
Add inbound federation as a new technique
#48
jukelennings
closed
8 months ago
0
Adding slack phishing, persistence and lateral movement references
#47
jukelennings
closed
8 months ago
0
Add slack phishing, persistence and lateral movement references
#46
jukelennings
closed
8 months ago
0
44 GitHub vscode oauth app spoofing
#45
jukelennings
closed
9 months ago
0
GitHub VSCode OAuth app spoofing
#44
jukelennings
closed
9 months ago
0
Add AITM phishing proxying as a technique
#43
jukelennings
closed
3 months ago
0
40 add references for shadow workflow + evil twin integration attack chain blog
#42
jukelennings
closed
9 months ago
0
Adding shadow workflow and evil twin attack chain references
#41
jukelennings
closed
9 months ago
0
Add references for shadow workflow + evil twin integration attack chain blog
#40
jukelennings
closed
9 months ago
0
Make a contribution guide
#39
jukelennings
opened
10 months ago
0
Add new technique: OAuth token leakage
#38
tkal
closed
10 months ago
4
Adding poisoned tenant + samljacking demo video/blog post references
#37
jukelennings
closed
10 months ago
0
Datadog example for samljacking
#36
jukelennings
closed
10 months ago
0
Reference poisoned tenant + SAMLjacking attack chain demo
#35
jukelennings
closed
10 months ago
0
31 should samljacking be lateral movement as well
#34
jukelennings
closed
10 months ago
0
Adding technique IDs
#33
jukelennings
closed
10 months ago
0
Attacks should have IDs to support mapping items to detection rules
#32
BatteryCandy
closed
10 months ago
1
Should SAMLJacking be lateral movement as well?
#31
jacques-
closed
10 months ago
0
Reference power-pwn where appropriate for shadow workflows or similar
#30
jukelennings
opened
10 months ago
0
Potential new technique(s) - cell phone related compromise
#29
jukelennings
opened
10 months ago
0
Add SAMLjacking example for datadog
#28
jukelennings
closed
10 months ago
0
22 expensify example for ghost logins
#27
jukelennings
closed
11 months ago
0
Potential new technique - delegated access
#26
jukelennings
opened
11 months ago
0
Hosting phishing pages on SaaS (AMP)
#24
jacques-
opened
11 months ago
1
21 add nuclino example to poisoned tenant
#23
jukelennings
closed
11 months ago
0