Skip to Main Content
blog

Cloud Chronicles

Really good cloud security info from a couple of guys who love Star Trek and alfredo sauce.

blog_banner_guivil
Ian Ahl
Daniel Bohannon

Unmasking GUI-Vil: Financially Motivated Cloud Threat Actor

FEATURED

Permiso’s p0 Labs has been tracking a threat actor for the last 18 months. In this article we will describe the attack lifecycle and detection opportunities for the cloud-focused, financially motivated threat actor we have dubbed as p0-LUCR-1, aka GUI-vil (Goo-ee-vil).

search-icon
blog_banner_guivil
Ian Ahl
Daniel Bohannon

Research

Unmasking GUI-Vil: Financially Motivated Cloud Threat Actor

Permiso’s p0 Labs has been tracking a threat actor for the last 18 months. In this article we will describe the attack lifecycle and detection opportunities for the cloud-focused, financially motivated threat actor we have dubbed as p0-LUCR-1, aka GUI-vil (Goo-ee-vil).

blog_sns_new_phone
Nathan Eades

Research

New Phone, Who Dis? How Cloud Environments Are Exploited for Smishing Campaigns

Commodity threat actors have recently begun to exploit cloud environments for smishing campaigns, employing techniques strikingly similar to those used in SES enumeration and abuse.

cado_permiso_collab
Ian Ahl
Nathan Eades

Research

Legion: The Latest Threat in Mass Spam Attacks

Cado and Permiso researchers team up to do a breakdown of Legion's toolset and discuss the review some of the differences between Legion and the likes of AndroxGh0st and Greenbot.

Now-Supporting-Azure-and-Microsoft365
Jason Martin

Product

Permiso extends cloud threat detection and response capabilities with the addition of support for Azure, Azure AD, and Microsoft 365

Permiso is thrilled to announce our latest release, which includes support for Azure, Azure AD, and Microsoft 365.

blog__detection_androx
Ian Ahl

Research

Our Approach to Detection: AndroxGh0st and GreenBot Edition

From atomic indicators to TTPs, in this article, the Permiso p0 Labs team discusses their approach to detecting AndroxGh0st and Greenbot persistence modules.

blog_SSMRoleBatman
Bleon Proko

Research

How Using Deprecated Policies Creates Overprivileged Permissions - AmazonEC2RoleforSSM vs AmazonSSMManagedInstanceCore

AmazonEC2RoleforSSM, a deprecated version of the now recommended AmazonSSMManagedInstaceCore. We'll break down why AWS likely deprecated the original policy and how organizations leave themselves vulnerable by continuing to use these deprecated policies.