Password spray enters the Okta-gon

Identity Providers (IDPs), like Okta have always been a juicy target for threat actors of all skill levels. Permiso identified a large Okta password spraying campaign that took place in late August.

Research

Ian Ahl & Nathan Eades

29 Aug 2022

You down with IDP? Impersonate me!

Permiso Security and ACV Auctions, while collaborating on cloud detection efforts, discovered an impersonation technique in Okta application user assignments. This technique is being utilized for both benign and nefarious purposes.

Research

Ian Ahl

20 Jun 2022

Anatomy of an Attack: Exposed keys to Crypto Mining

At Permiso, we find that the majority of incidents we discover or respond to, start with exposed access keys. Attackers leverage these keys to gain access, then setup a mechanism to establish persistence, perform reconnaissance, and complete their mission.