Permiso Delivers Complete AI Security Through Unified Identity Platform

[READ MORE]

Platform
Resources
Blog
About

Sign In
Request A Demo

Platform
- Permiso  Platform
  
  The Permiso Platform discovers, protects, and defends human, non-human and AI identities in cloud and on-prem environments. Comprehensive visibility, prioritized risk reduction, and proactive threat defense for all identities.
  
  Learn More
- Platform
  - Discover
  - Protect
  - Defend
  Solutions
- Use Cases
  Integrations
- See Permiso in action
  
  Demo, please!
Resources
- Resource Center
  - Report
  - eBook
  - Collateral
  - Webinar
  - Press
  - Open Source Tools
- Guides
- Featured Resources
  
  CISO Guide to Detecting and Preventing Identity Attacks
  Learn More
  
  The Human Touch In Creating and Securing Non-Human Identities
  Learn More
Blog
About
- About
  
  P0 Labs
- Careers
  
  Contact
- Hear Ye, Hear Ye
  
  Subscribe to Cloud Chronicles for the latest in cloud security!

© Permiso Security 2025

|Privacy Policy|Terms

Cloud Chronicles

The latest research, reports and releases from the minds at Permiso Security.

module_168716615926221

Garrett Stephens

Permiso Delivers Complete AI Security Through Unified Identity Platform

Garrett Stephens | 09.30.25

The speed of artificial intelligence adoption is unprecedented. From automating code generation to powering customer service, AI is no longer a strategic option but a business imperative. Yet, with...

Illustration Cloud

Illustration Cloud

All Categories

8 Critical AI Security Challenges and How Permiso Solves Them

Aditya Vats

8 Critical AI Security Challenges and How Permiso Solves Them

Aditya Vats 10.29.2025

AI adoption is accelerating faster than security teams can track it. While organizations rush to deploy AI agents and integrate AI services across their operations, they're creating massive blind...

Thank You

Comprehensive Identity Visibility and Intelligence with Permiso Discover

Aditya Vats

Comprehensive Identity Visibility and Intelligence with Permiso Discover

Aditya Vats 10.22.2025

In cybersecurity, we often rush to solutions, implementing detection tools and response platforms, without first answering a fundamental question: What identities do we actually have?

Visibility + Context + Continuous Assessment = Effective Identity Security Posture Management (ISPM)

Aditya Vats

Visibility + Context + Continuous Assessment = Effective Identity Security Posture Management (ISPM)

Aditya Vats 10.09.2025

Modern security teams aren’t short on tools; they’re short on clarity. Identity lives across IdPs, cloud accounts, SaaS apps, data stores, CI/CD, and secrets vaults. Each system emits alerts, but few...

P0LR Espresso - Pulling Shots of Cloud Live Response & Advanced Analysis

Art Ukshini

P0LR Espresso - Pulling Shots of Cloud Live Response & Advanced Analysis

Art Ukshini 10.03.2025

In today’s detection landscape, defenders are overwhelmed by pre-canned dashboards and visualizations that are often aesthetically pleasing but lack actionable insight. While triaging suspicious...

Permiso Delivers Complete AI Security Through Unified Identity Platform

Garrett Stephens

Featured, Product

Permiso Delivers Complete AI Security Through Unified Identity Platform

Garrett Stephens 09.30.2025

The speed of artificial intelligence adoption is unprecedented. From automating code generation to powering customer service, AI is no longer a strategic option but a business imperative. Yet, with...

Permiso Adds Comprehensive AI Security to its Industry-Leading Identity Security Platform

Permiso Adds Comprehensive AI Security to its Industry-Leading Identity Security Platform

The Permiso Team 09.30.2025

Rethinking AI Security: Every Interaction Is About Identity

Aditya Vats

Rethinking AI Security: Every Interaction Is About Identity

Aditya Vats 09.22.2025

The rise of artificial intelligence (AI) has been nothing short of revolutionary, but with every new frontier comes a unique set of challenges. For many organizations, the promise of AI is tempered...

Anatomy of the Salesloft Breach - Detection, Response, and Lessons Learned

Ian Ahl

Anatomy of the Salesloft Breach - Detection, Response, and Lessons Learned

Ian Ahl 09.15.2025

In a year marked by prevalent supply chain breaches, the SalesLoft incident stands out as particularly insidious and complex. This breach represents what may be one of the most comprehensive ...

Inboxfuscation: Because Rules Are Meant to Be Broken

Andi Ahmeti

Inboxfuscation: Because Rules Are Meant to Be Broken

Andi Ahmeti 09.11.2025

Microsoft Exchange inbox rules have emerged as a critical attack vector for advanced persistent threat (APT) groups seeking to establish persistence and facilitate data exfiltration within enterprise...

Sliding into your DMs: Abusing Microsoft Teams for Malware Delivery

Isuf Deliu

Sliding into your DMs: Abusing Microsoft Teams for Malware Delivery

Isuf Deliu 08.28.2025

Social engineering remains one of the most effective methods for initial access, with phishing continuing to be a preferred technique among threat actors. While email is the most common vector,...

ITDR and Authentication Security: Why Traditional Identity Defense Falls Short in 2025

Aditya Vats

ITDR and Authentication Security: Why Traditional Identity Defense Falls Short in 2025

Aditya Vats 08.14.2025

While organizations have become incredibly sophisticated at detecting network threats and endpoint attacks, they're actually getting worse at catching identity-based threats when they matter most.

Permiso Builds Leadership Team for Next Stage of Growth as Demand Builds for Identity Security Protection

Jared Elder

Permiso Builds Leadership Team for Next Stage of Growth as Demand Builds for Identity Security Protection

Jared Elder 07.31.2025

Permiso Security, the leading identity security company protecting human, non-human, and AI identities across hybrid and multicloud environments, today announced several strategic hires and executive...

15 Questions Everyone Asks About Identity Threat Detection and Response(ITDR)

Aditya Vats

15 Questions Everyone Asks About Identity Threat Detection and Response(ITDR)

Aditya Vats 07.30.2025

Identity has become the new battleground in cybersecurity. With over 90% of breaches now involving compromised credentials, organizations are scrambling to understand how to protect their identity...

An Arrow to the Heel: Abusing Default Machine Joining to Domain Permissions to Attack AWS Managed Active Directory

Bleon Proko

An Arrow to the Heel: Abusing Default Machine Joining to Domain Permissions to Attack AWS Managed Active Directory

Bleon Proko 07.17.2025

Intro AWS Managed Active Directory, or the AWS Directory Service, is a service which provides users with an Active Directory environment hosted and managed on AWS infrastructure. However, there are...

Permiso Recognized as a Challenger and Fast Mover in GigaOm’s Identity Security Posture Management (ISPM) Radar Report

Aditya Vats

Permiso Recognized as a Challenger and Fast Mover in GigaOm’s Identity Security Posture Management (ISPM) Radar Report

Aditya Vats 07.16.2025

Identity is no longer just an IT concern. It has become the control plane for how organizations operate in the cloud, and attackers know it. As enterprises accelerate adoption of multi-cloud...

Announcing Permiso Discover: Identity Inventory & Visibility

Jared Elder

Announcing Permiso Discover: Identity Inventory & Visibility

Jared Elder 06.10.2025

We're thrilled to announce the upcoming launch of Permiso Discover, an identity inventory and visibility tool for human, non-human, and AI. Starting today, you can join the waitlist to gain early...

CloudTrail Logging Evasion: Where Policy Size Matters

Abian Morina

CloudTrail Logging Evasion: Where Policy Size Matters

Abian Morina 05.29.2025

At Permiso Security, we’ve always believed that curiosity fuels innovation. What started as a routine investigation into the reliability of AWS CloudTrail logs for monitoring IAM policy changes...

Permiso Recognized as a Challenger and Fast Mover in the GigaOm Identity Threat Detection & Response (ITDR) Radar

Aditya Vats

Permiso Recognized as a Challenger and Fast Mover in the GigaOm Identity Threat Detection & Response (ITDR) Radar

Aditya Vats 05.23.2025

Identity is the connective tissue of modern IT environments. Every person, workload, service account, and API key relies on identity to access resources. The challenge is that adversaries have...

Permiso Security Wins 'most promising early-stage Startup' at 2025 SC Awards

Jared Elder

Permiso Security Wins 'most promising early-stage Startup' at 2025 SC Awards

Jared Elder 05.01.2025

Palo Alto, CA – May 1, 2025 — Permiso Security, the leader in real-time identity security, has been honored with the "Most Promising Early-Stage Startup" award at the 2025 SC Awards, announced during...

Introducing the Permiso Platform: Threat-Informed Risk Exposure with Best In Class Threat Detection for Human and Non-Human Identities

Jared Elder

Introducing the Permiso Platform: Threat-Informed Risk Exposure with Best In Class Threat Detection for Human and Non-Human Identities

Jared Elder 04.23.2025

We’re excited to announce the launch of the Permiso Platform, the identity security platform that detects and protects against both human and non-human identity threats across your cloud and...

What Security Teams Can Learn From The Rippling/Deel Lawsuit: Intent Lies in Search Logs

Jared Elder

What Security Teams Can Learn From The Rippling/Deel Lawsuit: Intent Lies in Search Logs

Jared Elder 03.20.2025

Earlier this week, Rippling announced that it had filed a lawsuit against one of their biggest competitors, Deel. The lawsuit alleges that Deel had placed a ‘spy’ within Rippling in order to harvest...

Azure's Apex Permissions: Elevate Access & The Logs Security Teams Overlook

Nathan Eades

Azure's Apex Permissions: Elevate Access & The Logs Security Teams Overlook

Nathan Eades 03.13.2025

Azure's "Elevate Access" feature is a critical security control point that deserves more comprehensive technical coverage than it typically receives. At Permiso, our P0 Labs team brings diverse cloud...

RansomWhen??? I Never Even Noticed It…

Bleon Proko

RansomWhen??? I Never Even Noticed It…

Bleon Proko 02.06.2025

A successful ransomware attack is the culmination of numerous steps performed by a determined attacker: gaining initial access to the victim’s environment, enumerating privileges to identify...

How Adversaries Exploit Unmonitored Cloud Regions to Evade Detection

How Adversaries Exploit Unmonitored Cloud Regions to Evade Detection

The Permiso Team 02.04.2025

Introduction The rapid evolution of Cloud Computing over the years has transformed traditional IT infrastructure by providing flexibility, affordability, and broader accessibility to various...

How Adversaries Abuse Serverless Services to Harvest Sensitive Data from Environment Variables

How Adversaries Abuse Serverless Services to Harvest Sensitive Data from Environment Variables

The Permiso Team 12.11.2024

Introduction In cloud computing, the evolution of serverless technology has significantly transformed how developers build and run applications. Over the years, the adoption of serverless computing...

Permiso Releases Suite of Open-Source Tools to Bolster Detection Capabilities for Past,Present and Future Attacks

Jared Elder

Permiso Releases Suite of Open-Source Tools to Bolster Detection Capabilities for Past,Present and Future Attacks

Jared Elder 11.07.2024

Release Marks Ten Open-Source Tools the Startup Has Launched So Far This Year PALO ALTO, CA – November 7, 2024 - Permiso, the leader in real-time identity security, has released a suite of three...

INTRODUCING CAPICHE DETECTION FRAMEWORK: AN OPEN-SOURCE TOOL TO SIMPLIFY CLOUD API-BASED HUNTING

Dredhza Braina

INTRODUCING CAPICHE DETECTION FRAMEWORK: AN OPEN-SOURCE TOOL TO SIMPLIFY CLOUD API-BASED HUNTING

Dredhza Braina 11.06.2024

Intro Attacks on cloud infrastructure have been steadily increasing in quantity, sophistication and scope. Common cryptomining attacks still exists, but the proliferation of BEC (Business Email...

BucketShield: Track Log Flow, Secure Buckets, Simulate Threats – All in One Open-Source Tool

Enisa Hoxhaxhiku

BucketShield: Track Log Flow, Secure Buckets, Simulate Threats – All in One Open-Source Tool

Enisa Hoxhaxhiku 11.05.2024

Introduction In today’s cloud-powered world, keeping your logs secure and intact is more important than ever. AWS CloudTrail serves as the backbone for tracking all activities across your cloud...

Breaking free from the chains of fate - Bypassing AWSCompromisedKeyQuarantineV2 Policy

Bleon Proko

Breaking free from the chains of fate - Bypassing AWSCompromisedKeyQuarantineV2 Policy

Bleon Proko 10.31.2024

Intro AWSCompromisedKeyQuarantineV2 (v3 was released during the creation of this article) is an AWS policy that attaches to identities whose credentials are leaked. It denies access to certain...

Introducing SkyScalpel: An Open-Source Tool to Combat Policy Obfuscation in Cloud Environments

Abian Morina

Introducing SkyScalpel: An Open-Source Tool to Combat Policy Obfuscation in Cloud Environments

Abian Morina 10.24.2024

At Permiso Security, we're committed to building and providing tools that empower teams to maintain high standards of cloud and identity security. Often inspired by a small mixture of in-the-wild...

Credits: Wilma Miranda

Ela Dogjani

Introducing CloudTail: An Open-Source Tool for Long-term Cloud Log Retention and Searchability

Ela Dogjani 10.21.2024

Introduction In the labyrinth of modern cloud infrastructure, effective log management is a cornerstone for ensuring operational security and compliance. However, small and medium-sized enterprises...

Permiso State of Identity Security 2024: A Shake-up in Identity Security Is Looming Large

John Filitz

Permiso State of Identity Security 2024: A Shake-up in Identity Security Is Looming Large

John Filitz 10.17.2024

Identity security is front, and center given all the recent breaches that include Microsoft, Okta, Cloudflare and Snowflake to name a few. Organizations are starting to realize that a shake-up is...

Survey Reveals Gaping Disconnect Between Existing Security Controls and the Identity Security Threat Reality

Jared Elder

Survey Reveals Gaping Disconnect Between Existing Security Controls and the Identity Security Threat Reality

Jared Elder 10.17.2024

Respondents are confident in their identity security posture, despite almost half reporting unauthorized access to their environment coupled with growing concerns over the ability to detect...

Product Update: IP and Code Threat Detection Now Available for GitHub and Atlassian’s Suite of Products, Including Confluence and Jira

John Filitz

Product Update: IP and Code Threat Detection Now Available for GitHub and Atlassian’s Suite of Products, Including Confluence and Jira

John Filitz 10.09.2024

Most organizations are unaware of how large their cloud identity attack surface is, specifically as it relates to the high number of human and non-human that exist in a typical environment. Many...

When AI Gets Hijacked: Exploiting Hosted Models for Dark Roleplaying

Ian Ahl

Featured, Research

When AI Gets Hijacked: Exploiting Hosted Models for Dark Roleplaying

Ian Ahl 10.03.2024

Key Takeaways Attacks against GenAI Infrastructure like AWS Bedrock have increased substantially over the last six (6) months. Particularly with exposed access keys. Attackers are hijacking victim...

Permiso Universal Identity Graph: Why Universal Identity Is Key to Solving Security Siloes

John Filitz

Permiso Universal Identity Graph: Why Universal Identity Is Key to Solving Security Siloes

John Filitz 09.19.2024

Permiso Security is excited to announce the release of the Universal Identity Graph, providing identity security risk visibility for all entity identities, including human and non-human, across all...

Permiso Launches Universal Identity Graph to Help Organizations Secure All Identities Across All Environments

Jared Elder

Permiso Launches Universal Identity Graph to Help Organizations Secure All Identities Across All Environments

Jared Elder 09.19.2024

Permiso’s recent product launch provides a centralized hub to secure all human and non-human identities across both cloud and on-premise environments PALO ALTO, CA – September 19, 2024 -- Permiso,...

Introducing Azure Activity Log Axe: An Open-Source Tool to simplify and improve the analysis of Azure Activity logs

Nathan Eades

Introducing Azure Activity Log Axe: An Open-Source Tool to simplify and improve the analysis of Azure Activity logs

Nathan Eades 09.16.2024

We are excited to formally announce the public availability of Azure Activity Log Axe, an open-source tool designed to simplify and improve the analysis of Azure Activity logs. The tool, initially...

Permiso Named SC Awards Finalist In Two Categories

Jared Elder

Permiso Named SC Awards Finalist In Two Categories

Jared Elder 08.30.2024

The identity security company has been named a finalist for both Most Promising Early Stage Startup and Best Threat Detection Technology categories

Strategies Used by Adversaries to Steal Application Access Tokens

Strategies Used by Adversaries to Steal Application Access Tokens

The Permiso Team 08.15.2024

Introduction In today's complex landscape of modern cybersecurity, organizations and cyber-defenders must remain vigilant as adversaries continuously refine their tactics, techniques, and procedures...

Exploiting Cloud Secrets Management Repositories: Adversary Tactics and Mitigation Strategies

Exploiting Cloud Secrets Management Repositories: Adversary Tactics and Mitigation Strategies

The Permiso Team 07.02.2024

Introduction Proper handling of sensitive information, such as passwords and API keys, is a crucial responsibility for any organization and cybersecurity professional using cloud services for their...

Introducing YetiHunter: An open-source tool to detect and hunt for suspicious activity in Snowflake

Bleon Proko

Introducing YetiHunter: An open-source tool to detect and hunt for suspicious activity in Snowflake

Bleon Proko 06.13.2024

Summary On May 30, 2024 Snowflake confirmed many clients were affected by an attacker leveraging compromised NHI credentials to perform data theft. In their notice, Snowflake included some indicators...

Extending Cloud Console Cartographer With New Mappings

Daniel Bohannon

Extending Cloud Console Cartographer With New Mappings

Daniel Bohannon 06.04.2024

Last month Permiso’s P0 Labs released the Cloud Console Cartographer open-source framework and corresponding research presentation at Black Hat Asia in Singapore. Recently we released our full suite...

Unmasking Adversary Cloud Defense Evasion Strategies: Modify Cloud Compute Infrastructure Part 2

Unmasking Adversary Cloud Defense Evasion Strategies: Modify Cloud Compute Infrastructure Part 2

The Permiso Team 05.21.2024

Detection and Mitigation The 'Create Snapshot', ‘Create Cloud Instance’, ‘Delete Cloud Instance’, ‘Revert Cloud Instance’ and ‘Modify Cloud Compute Configurations’ features are widely available...

Unmasking Adversary Cloud Defense Evasion Strategies: Modify Cloud Compute Infrastructure Part 1

Unmasking Adversary Cloud Defense Evasion Strategies: Modify Cloud Compute Infrastructure Part 1

The Permiso Team 05.06.2024

The MITRE ATT&CK (Adversarial Tactics, Techniques and Common Knowledge) Framework is a globally-accessible knowledge base of adversary tactics and techniques and procedures (TTPs) which are...

Credits: Brianne Cartwright

Ian Ahl

Déjà Vu or New View: Latest Okta Credential Stuffing Campaign

Ian Ahl 05.02.2024

Summary On April 26, 2024 Okta reported observing a large scale credential stuffing attack that shares infrastructure with a campaign previously reported by Cisco Talos. The campaign that Cisco...

Permiso Launches Cloud Console Cartographer to Help Security Teams Make Sense of Console Activity in Cloud Logs

Jared Elder

Permiso Launches Cloud Console Cartographer to Help Security Teams Make Sense of Console Activity in Cloud Logs

Jared Elder 04.18.2024

The open-source tool helps security teams easily transcribe log activity generated from events of AWS console sessions

Introducing Cloud Console Cartographer: An Open-Source Tool To Help Security Teams Easily Understand Log Events Generated by AWS Console Activity

Daniel Bohannon

Featured, Research

Introducing Cloud Console Cartographer: An Open-Source Tool To Help Security Teams Easily Understand Log Events Generated by AWS Console Activity

Daniel Bohannon 04.18.2024

Introduction While most cloud CLI tools provide a one-to-one correlation between an API being invoked and a single corresponding API event being generated in cloud log telemetry, browser-based...

An Adversary Adventure with Cloud Administration Command

An Adversary Adventure with Cloud Administration Command

The Permiso Team 04.11.2024

Introduction As the cybersecurity landscape rapidly evolves, organizations are implementing multi-cloud solutions to advance their digital transformation initiatives. On the other hand, threat actors...

Permiso Raises $18.5M Series A To Unify Threat Detection and Response In The Cloud

Jared Elder

Permiso Raises $18.5M Series A To Unify Threat Detection and Response In The Cloud

Jared Elder 04.03.2024

Permiso’s product offers a deep library of detection signals from known TTPs of modern threat actors and spans coverage across the cloud’s attack surface to detect threats in the cloud more quickly...

Credits: Wilma Miranda

Andi Ahmeti

Introducing CloudGrappler: A Powerful Open-Source Threat Detection Tool for Cloud Environments

Andi Ahmeti 03.07.2024

IntroductionWith the increased activity of threat actor groups like LUCR-3 (Scattered Spider) over the last year, being able to detect the presence of these threat groups in cloud environments...

Permiso Launches CloudGrappler To Help Security Teams Better Detect Threat Actors In Their Cloud Environments

Jared Elder

Permiso Launches CloudGrappler To Help Security Teams Better Detect Threat Actors In Their Cloud Environments

Jared Elder 03.07.2024

Free open source tool detects activity in cloud environments related to well-known threat actors such as LUCR-3 (Scattered Spider), the group responsible for MGM and Caesars breaches last September

Azure Logs: Breaking Through the Cloud Cover

Nathan Eades

Azure Logs: Breaking Through the Cloud Cover

Nathan Eades 01.17.2024

Permiso consistently observes that engineers and analysts often struggle with interpreting Azure Monitor Activity Logs, facing confusion and achieving only a partial understanding even after gaining...

Privileged Identity Management (PIM): For Many, a False Sense of Security

Nathan Eades

Privileged Identity Management (PIM): For Many, a False Sense of Security

Nathan Eades 12.07.2023

Privileged Identity Management (PIM): PIM is described as a service within Microsoft Entra ID, designed to manage, control, and monitor access to crucial organizational resources, encompassing...

Permiso Offers Complimentary Cloud Identity Threat Briefings in Wake of Okta Breaches

Jared Elder

Permiso Offers Complimentary Cloud Identity Threat Briefings in Wake of Okta Breaches

Jared Elder 12.07.2023

Cloud security company has been researching and detecting attacks against the identity provider control plane for last several years and built over a hundred detections and signals based on known...

Why Identity Providers Aren't Enough To Secure Identities In The Cloud - Part Two

Jared Elder

Why Identity Providers Aren't Enough To Secure Identities In The Cloud - Part Two

Jared Elder 11.09.2023

Your Identity Provider is a Security Guard Think about an identity provider as a security guard in an office building. The goal of the security guard is to ultimately monitor and regulate the access...

Why Identity Providers Aren't Enough to Secure Identities in the Cloud - Part One

Jared Elder

Why Identity Providers Aren't Enough to Secure Identities in the Cloud - Part One

Jared Elder 10.31.2023

In this two part series, we are going to analyze the role IdPs (identity providers) have played in some high-profile breaches over the last few years and perhaps, more specifically, the last few...

Permiso Offers Complimentary Threat Briefings on Scattered Spider

Jared Elder

Permiso Offers Complimentary Threat Briefings on Scattered Spider

Jared Elder 09.27.2023

Cloud security company has tracked the threat actor group for the past year and supported several organizations that have been targeted and impacted by recent attacks. The company's goal is to help...

LUCR-3: Scattered Spider Getting SaaS-y in the Cloud

Ian Ahl

Featured, Featured Research, Research

LUCR-3: Scattered Spider Getting SaaS-y in the Cloud

Ian Ahl 09.20.2023

Summary LUCR-3 overlaps with groups such as Scattered Spider, Oktapus, UNC3944, and STORM-0875 and is a financially motivated attacker that leverages the Identity Provider (IDP) as initial access...

Cloud Detection and Response Needs To Break Down Boundaries

Jared Elder

Cloud Detection and Response Needs To Break Down Boundaries

Jared Elder 08.31.2023

For the past several years, the security and engineering community have repeatedly heard the adage that "identity is the new perimeter." While identity has long been a pillar to managing security...

Intern Showcase: Anonymizing Logs Made Easy with LogLicker

Corey Ahl

Intern Showcase: Anonymizing Logs Made Easy with LogLicker

Corey Ahl 08.17.2023

LogLicker On GitHub: https://github.com/Permiso-io-tools/LogLicker Introduction Logs play a crucial role in monitoring and analyzing system activity, but handling sensitive information within...

Agile Approach to mass cloud credential harvesting and crypto mining sprints ahead

Abian Morina

Agile Approach to mass cloud credential harvesting and crypto mining sprints ahead

Abian Morina 07.16.2023

Summary Developers are not the only people who have adopted the agile methodology for their development processes. From 2023-06-15 to 2023-07-11, Permiso Security’s p0 Labs team identified and...

Cloud Detection and Response Survey Report 2023

Jared Elder

Cloud Detection and Response Survey Report 2023

Jared Elder 06.22.2023

In the first few years of Permiso’s journey as a cloud security startup, before raising venture capital and coming out of stealth mode in early 2022, the team spoke to 150-200 security and...

Unmasking GUI-Vil: Financially Motivated Cloud Threat Actor

Ian Ahl

Unmasking GUI-Vil: Financially Motivated Cloud Threat Actor

Ian Ahl 05.22.2023

Summary (the TL;DR) Permiso’s p0 Labs has been tracking a threat actor for the last 18 months. In this article we will describe the attack lifecycle and detection opportunities for the cloud-focused,...

New Phone, Who Dis? How Cloud Environments Are Exploited for Smishing Campaigns

Nathan Eades

New Phone, Who Dis? How Cloud Environments Are Exploited for Smishing Campaigns

Nathan Eades 04.14.2023

Commodity threat actors have recently begun to exploit cloud environments for smishing campaigns, employing techniques strikingly similar to those used in SES enumeration and abuse, as we've...

Legion: The Latest Threat in Mass Spam Attacks

Ian Ahl

Legion: The Latest Threat in Mass Spam Attacks

Ian Ahl 04.13.2023

Summary As the old proverb says, “Great minds think alike”. Many people may not know or remember the second half of that proverb, “Fools seldom differ.” Both sides of these adages are very well...

Permiso extends cloud threat detection and response capabilities with the addition of support for Azure, Azure AD, and Microsoft 365

Jason Martin

Permiso extends cloud threat detection and response capabilities with the addition of support for Azure, Azure AD, and Microsoft 365

Jason Martin 03.13.2023

Permiso is thrilled to announce our latest release, which includes support for Azure, Azure AD, and Microsoft 365. This release extends our powerful cloud detection and response capabilities by...

Our Approach to Detection: AndroxGh0st and GreenBot Edition

Ian Ahl

Our Approach to Detection: AndroxGh0st and GreenBot Edition

Ian Ahl 02.23.2023

Introduction The Permiso p0 Labs team has one core focus: know everything we can about cloud attacks, and make that knowledge actionable to our customers via detections in our CDR product. When we...

How Using Deprecated Policies Creates Overprivileged Permissions - AmazonEC2RoleforSSM vs AmazonSSMManagedInstanceCore

Bleon Proko

How Using Deprecated Policies Creates Overprivileged Permissions - AmazonEC2RoleforSSM vs AmazonSSMManagedInstanceCore

Bleon Proko 02.15.2023

Managed policies help AWS users simplify the way permissions are assigned. Periodically, AWS will add new permissions to active policies, which offer a new set of permissions to users. Because these...

Permiso 2022 - End of Year Observations

Ian Ahl

Press, Research

Permiso 2022 - End of Year Observations

Ian Ahl 02.06.2023

In 2022, Permiso's Cloud Detection & Response platform detected a multitude of different security events across client cloud infrastructure environments. In all cases, the detected suspicious and...

Gather Round the Watering Hole, We have a story to tell

Ian Ahl

Gather Round the Watering Hole, We have a story to tell

Ian Ahl 01.31.2023

Summary Watering hole attacks are an often underrated technique. On January 29th, 2023 Chris Farris reported to members of the “Cloud Security Forum” slack channel that he saw a google ad delivering...

SES-pionage

Nathan Eades

SES-pionage

Nathan Eades 01.12.2023

Exposed and stolen long lived keys are often the source of incidents we identify in our client’s cloud environments. Detecting the abuse of these keys is an area we focus a lot of effort in. After...

Cloud Cred Harvesting Campaign - Grinch Edition

Ian Ahl

Cloud Cred Harvesting Campaign - Grinch Edition

Ian Ahl 12.29.2022

Summary Attacks during the holidays are more reliable than Santa eating cookies. On December 28, 2022, Permiso Security’s p0 Labs team identified a credential harvesting campaign targeting cloud...

AWS Enhancements to UpdateLoginProfile and CreateLoginProfile logging

Nathan Eades

AWS Enhancements to UpdateLoginProfile and CreateLoginProfile logging

Nathan Eades 10.25.2022

Introduction While working on detection content for our clients, we often come across situations where logging from cloud providers and identity providers does not contain the level of detail needed....

Password spray enters the Okta-gon

Ian Ahl

Password spray enters the Okta-gon

Ian Ahl 09.16.2022

Identity Providers (IDPs), like Okta have always been a juicy target for threat actors of all skill levels. Attackers often still find success with low sophistication techniques like password...

You down with IDP? Impersonate me!

Ian Ahl

You down with IDP? Impersonate me!

Ian Ahl 08.29.2022

Summary Permiso Security and ACV Auctions, while collaborating on cloud detection efforts, discovered an impersonation technique in Okta application user assignments. Based on “in the wild”...

Achieving SOC 2 Type 1 Certification - Helping companies feel more secure about Permiso while we help them secure their public cloud

Jason Martin

Achieving SOC 2 Type 1 Certification - Helping companies feel more secure about Permiso while we help them secure their public cloud

Jason Martin 08.15.2022

We're excited to announce that Permiso is now SOC 2 Type I certified. This certification signifies that an independent third-party auditor has validated the design of our security program controls...

Permiso Alerts Module v1 Launched

Ian Ahl & Jason Martin

Permiso Alerts Module v1 Launched

Ian Ahl & Jason Martin 07.20.2022

We are very excited to announce a major release to our Permiso Alerts Module. This release currently includes dozens of unique cloud detection rules born from the front lines experience of our P0...

P0 Labs: Helping stay ahead of cloud adversaries

Ian Ahl

Press, Research

P0 Labs: Helping stay ahead of cloud adversaries

Ian Ahl 06.21.2022

As organizations continue to accelerate the shift to cloud, adversaries are following. Over the past ten (10) years I have had the opportunity to lead some of the largest and most impactful public...

Anatomy of an Attack: Exposed keys to Crypto Mining

Ian Ahl

Anatomy of an Attack: Exposed keys to Crypto Mining

Ian Ahl 06.20.2022

At Permiso, we find that the majority of incidents we discover or respond to, start with exposed access keys. Attackers leverage these keys to gain access, then setup a mechanism to establish...

Cloud vendor supply chain risk - Forecast: Foggy with a chance of thunderstorms

Ian Ahl

Cloud vendor supply chain risk - Forecast: Foggy with a chance of thunderstorms

Ian Ahl 05.05.2022

Attackers are increasingly taking advantage of trusted vendor relationships to perform software and service based supply chain attacks. As cloud adoption continues to grow, we will see sophisticated...

Permiso weighs in on CrowdStrike's LemonDuck malware finding

Ian Ahl

Permiso weighs in on CrowdStrike's LemonDuck malware finding

Ian Ahl 05.03.2022

On April 22, Permiso provided their perspective of CrowdStrike’s recent publication on LemonDuck malware shifting targeting to container and cloud technologies in the CSO Online article “Cryptomining...

Former FireEye Executives Emerge from Stealth with $10M Seed Round to Tackle Cloud Detection and Response

Paul Nguyen

Former FireEye Executives Emerge from Stealth with $10M Seed Round to Tackle Cloud Detection and Response

Paul Nguyen 01.18.2022

PALO ALTO, CA – January 18, 2022 – Permiso.io, a Palo Alto-based startup that provides the first of its kind in cloud identity detection and response for cloud infrastructures, today announced a $10...

Hear Ye, Hear Ye

Subscribe to Cloud Chronicles for the latest in cloud security!

21972-312_SOC_NonCPA

Product
P0 Labs
Request a demo
About
Blog
Contact Us
Join Our Team
Resources
Sign In

© Permiso Security 2025

Security|Privacy Policy|Terms