Push

@PushSecurity

A browser-based agent that detects and prevents identity breaches.

Pinned

💡 Introducing a SaaS attack matrix of networkless SaaS attack techniques - These attacks bypass EDR and network detection 💬 #Pentesters #Redteams We’d love some comments or contributions for things you've tried on GitHub! Links in 🧵 #security #infosec #SaaSsecurity

ClickFix, FileFix & related browser attacks are up 517% in 6 months. Push now detects ClickFix, FileFix, and other browser-based attacks that copy malicious code and run it on the victim’s machine. Learn more: pushsecurity.com/blog/introduci…


🚀 We’re thrilled to announce our $30M Series B led by @Redpoint, supercharging our mission to stop identity attacks 🚀 Check out the press release here: pushsecurity.com/news/push-secu…


Have you signed up to see @jukelennings use OpenAI Operator to automate identity attacks? Watch the clip below to see how it responds when tasked with logging into apps using stolen credentials. Want to see more? Register for the webinar here 👇 pushsecurity.com/webinar/automa…


We're ready for @BlackHatEvents Europe this week! Stop by booth 436 to chat with @ajaybateman, @jukelennings and the team about the rise in identity attacks – and how Push's browser-based ITDR solution gives defenders the advantage they need. We’ve got brand new swag too!

Push reposted

1/ A new class of phishing - how verification phishing and cross-idp impersonation can bypass your SSO. Here is a video demo, but this is one where you really need to read the full article too - pushsecurity.com/blog/a-new-cla… I'll summarize the key points in this thread.


Are you at GrrCON? Join us tonight for an epic evening of delicious food, refreshing drinks, and fantastic networking. Spots are going quickly! Register now: lu.ma/grrconhappyhou…


Ready to meet the REAL cookie monster? Join us on September 12th where @jukelennings will be compromising MFA-protected services by stealing session cookies and hijacking live sessions. Don’t miss out – register here: pushsecurity.com/webinar/infost…

Don't miss out on our upcoming webinar where @jukelennings will be demoing infostealers, showing how to steal cookies and hijack sessions for MFA-protected services like M365 and downstream SaaS apps. Details below 👇 Pick a time and register here: pushsecurity.com/webinar/infost…

Push reposted

Some of my research on SaaS attacks, including ghost logins and other persistence vectors, made it on to @DarknetDiaries Achievement unlocked.


Push reposted

I wrote a blog post on the many defense mechanisms phishing kits are using to avoid discovery and analysis now. I used a recent instance of NakedPages and cover 9 different techniques, including Cloudflare Workers and Turnstile abuse. IOCs included. pushsecurity.com/blog/how-aitm-…


Join us for happy hour with @sublime_sec on August 8! Grab a drink, have a bite, catch up with old friends (and make some new ones) at KUMI in Mandalay Bay! RSVP: lu.ma/bh24-sublime-p…

Push reposted

If you missed my Snowflake webinar yesterday and you’re impacted by the recent breach, you can check out this link to the demo segment from the webinar, where I show how to disable ghost logins in Snowflake. Remember, this is not just a Snowflake problem pushsecurity.com/resources/vide…


Push reposted

Is the Snowflake breach, touted as the biggest in history, identity security’s WannaCry moment? Join Luke Jennings, VP R&D at @PushSecurity, to explore what Snowflake shows us about the complexity of the identity attack surface, and discuss the practical steps that…

The Snowflake breach will be for cloud identity attacks what WannaCry was for Ransomware. Join @jukelennings to explore the practical takeaways from the incident. Select the best time for you using the dropdown menu. pushsecurity.com/webinar/snowfl…

Push reposted

7/ Well, when we investigated, we discovered that if you enable SAML SSO for a Snowflake account for a local account with no MFA, the local password still works unless you explicitly create an authentication policy to prevent it.


Push reposted

1/ The ongoing Snowflake situation has made me realize just how dangerous ghost logins – a SaaS-based persistence technique that I coined last year – can be as an initial access vector. So what is a ghost login, exactly?


Check out our upcoming webinar with @jukelennings where he'll be demoing the use of AitM phishing toolkits to compromise cloud identities! 😎 There are a few different time slots to choose from so you can catch this wherever you are. app.livestorm.co/push/phishing?…

Are you heading to Identiverse next week? @jukelennings will be delivering a technical masterclass demonstrating how to own a business without touching the endpoint, by targeting SaaS apps and identities. Don't miss it!

Check out our latest case study from Upvest! A major draw for Upvest was the power of our browser extension for identity threat detection and response, which we’re not seeing many other orgs in the ITDR space make use of. Read here: pushsecurity.com/resources/cust…
