23 Feb 2023
Our Approach to Detection: AndroxGh0st and GreenBot Edition
From atomic indicators to TTPs, in this article, the Permiso p0 Labs team discusses their approach to detecting AndroxGh0st and Greenbot persistence modules.
READ MORE
15 Feb 2023
How Using Deprecated Policies Creates Overprivileged Permissions - AmazonEC2RoleforSSM vs AmazonSSMManagedInstanceCore
AmazonEC2RoleforSSM, a deprecated version of the now recommended AmazonSSMManagedInstaceCore. We'll break down why AWS likely deprecated the original policy and how organizations leave themselves vulnerable by continuing to use these deprecated policies.
READ MORE
31 Jan 2023
Gather Round the Watering Hole, We have a story to tell
Watering hole phishing attack targeted at users of AWS Management Console via Google ads!
READ MORE
12 Jan 2023
SES-pionage
What do attackers do with exposed AWS access keys? We look inside AWS SES to give deeper insights into the service, why & how its targeted and how to detect it.
READ MORE
29 Dec 2022
Cloud Cred Harvesting Campaign - Grinch Edition
The Grinch targets Jupyter this Christmas with a cloud cred harvesting campaign.
READ MORE
25 Oct 2022
AWS Enhancements to UpdateLoginProfile and CreateLoginProfile logging
Logging by cloud providers and identity providers sometimes does not contain the level of detail needed for detections. We found a case in AWS when a login profile is created or updated without the reset password flag set to true.
READ MORE
Search
Choose Category