Skip to Main Content
blog
nav-menu
blog-aws-logging-enhancement-card
Research
Nathan Avatar
Ian

Nathan Eades & Ian Ahl

25 Oct 2022

AWS Enhancements to UpdateLoginProfile and CreateLoginProfile logging

Logging by cloud providers and identity providers sometimes does not contain the level of detail needed for detections. We found a case in AWS when a login profile is created or updated without the reset password flag set to true.

READ MORE

blog-idp-ipersonate-me-title-image
Research
Ian
Nathan Avatar

Ian Ahl & Nathan Eades

29 Aug 2022

You down with IDP? Impersonate me!

Permiso Security and ACV Auctions, while collaborating on cloud detection efforts, discovered an impersonation technique in Okta application user assignments. This technique is being utilized for both benign and nefarious purposes.

READ MORE

paginate first page
previous page
1
next page
paginate last page

Search

Choose Category

Company
Security
Product
Research
News