All Categories
Unmasking GUI-Vil: Financially Motivated Cloud Threat Actor
Permiso’s p0 Labs has been tracking a threat actor for the last 18 months. In this article we will describe the attack lifecycle and detection opportunities for the cloud-focused, financially motivated threat actor we have dubbed as p0-LUCR-1, aka GUI-vil (Goo-ee-vil).
Read More
New Phone, Who Dis? How Cloud Environments Are Exploited for Smishing Campaigns
Commodity threat actors have recently begun to exploit cloud environments for smishing campaigns, employing techniques strikingly similar to those used in SES enumeration and abuse.
Read More
Legion: The Latest Threat in Mass Spam Attacks
Cado and Permiso researchers team up to do a breakdown of Legion's toolset and discuss the review some of the differences between Legion and the likes of AndroxGh0st and Greenbot.
Read More
Permiso extends cloud threat detection and response capabilities with the addition of support for Azure, Azure AD, and Microsoft 365
Permiso is thrilled to announce our latest release, which includes support for Azure, Azure AD, and Microsoft 365.
Read More
Our Approach to Detection: AndroxGh0st and GreenBot Edition
From atomic indicators to TTPs, in this article, the Permiso p0 Labs team discusses their approach to detecting AndroxGh0st and Greenbot persistence modules.
Read More
How Using Deprecated Policies Creates Overprivileged Permissions - AmazonEC2RoleforSSM vs AmazonSSMManagedInstanceCore
AmazonEC2RoleforSSM, a deprecated version of the now recommended AmazonSSMManagedInstaceCore. We'll break down why AWS likely deprecated the original policy and how organizations leave themselves vulnerable by continuing to use these deprecated policies.
Read More