In this episode, Push Security’s VP of Research and Development Luke Jennings joins us to discuss SaaS attacks and how they can compromise your organization without touching a single endpoint or network. Luke shares his recent SaaS attack research, why SaaS-based attacks are different from traditional network-based attacks, and his SaaS attack matrix, which can be used by both red and blue teams. We also talk about why it’s important for this research to be shared with the cybersecurity community.
**Links mentioned in the program**
Let’s talk about SaaS attack techniques
https://pushsecurity.com/blog/saas-attack-techniques/
SAMLjacking a poisoned tenant
https://pushsecurity.com/blog/samljacking-a-poisoned-tenant/
Push Security SaaS attacks GitHub
https://github.com/pushsecurity/saas-attack
Follow Luke and Push Security
https://www.linkedin.com/in/luke-jennings-042b5619b/
https://twitter.com/jukelennings
https://twitter.com/PushSecurity
https://pushsecurity.com/
**Watch this episode on YouTube**
** Become a Shared Security Supporter **
For just $5 a month, get exclusive access to ad-free episodes, listen to new episodes before they’re released, access a private Discord server, receive a monthly shoutout on the show, and get a 15% off discount code for the Shared Security store. Become a supporter now! https://patreon.com/SharedSecurity
** Thank you to all our sponsors! **
SLNT
Visit slnt.com to check out SLNT’s amazing Faraday bag line and other products made to protect your privacy. As a listener of this podcast, use the discount code “sharedsecurity” to get 10% off your order at checkout.
Click Armor
To see how the “gamification” of security awareness training can reduce cyber risks related to phishing and social engineering, and to get a free trial of Click Armor’s Gamified Awareness Training Platform, visit: https://clickarmor.ca/sharedsecurity
** SUBSCRIBE AND FOLLOW THE PODCAST **
Join Reddit’s shared security community. https://www.reddit.com/r/SharedSecurityShow/
Subscribe on YouTube: https://www.youtube.com/c/SharedSecurityPodcast
Watch and subscribe on Odysee (YouTube Alternative)
https://odysee.com/@SharedSecurity:c
Follow us on Mastodon: https://infosec.exchange/@sharedsecurity
Follow us on Twitter: https://twitter.com/sharedsec
Visit our website: https://sharedsecurity.net
Subscribe on your favorite podcast app: https://sharedsecurity.net/subscribe
Sign up for our email newsletter to receive updates on podcasts, contest announcements, and special offers from our sponsors. https://shared-security.beehiiv.com/subscribe
Please leave a rating and review: https://ratethispodcast.com/sharedsecurity
Contact us: https://sharedsecurity.net/contact
The post SaaS Attacks: Compromising an Organization Without Touching the Network first appeared on Shared Security Podcast.
*** This is a Security Bloggers Network syndicated blog from Shared Security Podcast, authored by Tom Eston. See the original post here: https://sharedsecurity.net/2023/09/04/saas-attacks-compromising-an-organization-without-touching-the-network/