PØ LABS: RESEARCH FROM THE BATTLE FRONT
The threat researchers in PØ Labs watch incidents live, as they occur. Working right on the front lines of cloud threat, we can learn more than anyone else about the latest techniques of adversaries. And we when see something new, we’re very transparent.


LUCR-3: Scattered Spider Getting SaaS-y in the Cloud
Ian Ahl | 09.20.23



LATEST CLOUD-SHAKING INSIGHTS
Privileged Identity Management (PIM): For Many, a False Sense of Security
Privileged Identity Management (PIM): PIM is described as a service within Microsoft Entra ID, designed to manage, control, and monitor access to crucial organizational resources, encompassing Microsoft Entra ID, Azure, and other Microsoft Online
Permiso Offers Complimentary Cloud Identity Threat Briefings in Wake of Okta Breaches
Cloud security company has been researching and detecting attacks against the identity provider control plane for last several years and built over a hundred detections and signals based on known TTPs from advanced threat actor groups PALO ALTO,
Why Identity Providers Aren't Enough To Secure Identities In The Cloud - Part Two
Your Identity Provider is a Security Guard Think about an identity provider as a security guard in an office building. The goal of the security guard is to ultimately monitor and regulate the access of visitors into the building. They verify that

CLOUD INCIDENT RESPONSE
cloud Infrastructure Paranoia?
Get a free first consultation with the PØ Labs team, led by former Mandiant incident responders. See how PØ Labs identifies compromised infrastructure and helps you respond.

CLOUD COMPROMISE ASSESSMENT
See Who’s Cloud-Lurking Now
PØ Labs can give you a full rundown of who’s in your environment, what they’ve been doing, and if you should be worried. Best case, there’s nothing to worry about.


YOUR FRONT-LINE RESEARCH TEAM


Daniel Bohannon
Principal Threat Researcher
UGA B.S. CompSci, Georgia Tech M.S. InfoSec, 13+ years IR & researcher roles including Mandiant Advanced Practices Team & Microsoft, OpenSource tool developer (e.g. Invoke-Obfuscation)
My favorite dessert is a lavender latte - to be enjoyed during or between any meal of the day




Ricardo Arancibia
Data Scientist
~4 years of experience solving problems using Data Science and building end-to-end ML solutions in a wide variety of industries. Co-founded an official ML Google community with +500 members.
My favorite dessert is any and all combinations of coffee and chocolate. I enjoy coffee in my chocolate and chocolate in my coffee.

Andi Ahmeti
Associate Threat Researcher
Experienced Computer Engineering senior student with a 6-month internship as a Security Engineer. Passionate about cybersecurity and skilled in software development, hardware design, and system architecture.
My favorite dessert is any and all combinations of coffee and chocolate. I enjoy coffee in my chocolate and chocolate in my coffee.

Abian Morina
Associate Threat Researcher
Computer Science and Engineering student specializing in Information Security and Assurance. 1+ year of experience as a Penetration Tester/Bounty Hunter.
My favorite dessert is any and all combinations of coffee and chocolate. I enjoy coffee in my chocolate and chocolate in my coffee.


Enisa Hoxhaxhiku
Threat Research Intern
Highly motivated and proactive Computer Science and Engineering student deeply passionate about Information Security and Cybersecurity. Interned in Information Security, actively engaging in red team and blue team activities. Possesses a strong analytical mindset and attention to detail.
My favorite dessert is any and all combinations of coffee and chocolate. I enjoy coffee in my chocolate and chocolate in my coffee.