pushsecurity/saas-attacks

Issues

• Add cross-idp impersonation as a technique

  #84 opened 5 days ago by jukelennings
  0

• Add Holehe as recon tool

  #82 opened 2 months ago by jacques-
  0

• Make a contribution guide

  #39 opened a year ago by jukelennings
  0

• Reconsider not publishing to Mitre ATT&CK

  #80 opened 3 months ago by xg5-simon
  0

• Add google email flaw compromise as a real-world ghost logins example

  #78 opened 4 months ago by jukelennings
  0

• Example of either in-app phishing or link backdooring

  #69 opened 4 months ago by jukelennings
  1

• Add mew technique based on monday.com legit email abuse

  #68 opened 4 months ago by jukelennings
  1

• Add MFA downgrade attack as a technique

  #67 opened 4 months ago by jukelennings
  0

• Add initial access phase for ghost logins

  #72 opened 5 months ago by jukelennings
  0

• Add session theft as a technique

  #70 opened 5 months ago by jukelennings
  0

• Add example for in-app phishing of GitHub using trick to host files on GitHub repos you do not control

  #65 opened 7 months ago by jukelennings
  0

• Add breach table to list real-world breaches where SaaS attack techniques have been used

  #63 opened 8 months ago by jukelennings
  0

• Device Enrollment technique

  #61 opened 8 months ago by jukelennings
  0

• Add AITM phishing proxying as a techinique

  #43 opened 8 months ago by jukelennings
  0

• Add password manager extraction examples to password scraping technique

  #58 opened 8 months ago by jukelennings
  0

• Shadow workflow reference for use of Fivetran by Scattered Spider

  #56 opened 10 months ago by jukelennings
  0

• Add references for recent Microsoft report on OAuth attacks

  #54 opened a year ago by jukelennings
  0

• Potential new technique - kubernetes resource injection

  #53 opened a year ago by Esonhugh
  0

• Add okta swa example for password scraping

  #51 opened a year ago by jukelennings
  0

• Add inbound federation as a new technique

  #48 opened a year ago by jukelennings
  0

• Add slack phishing, persistence and lateral movement references

  #46 opened a year ago by jukelennings
  0

• GitHub VSCode OAuth app spoofing

  #44 opened a year ago by jukelennings
  0

• Hosting phishing pages on SaaS (AMP)

  #24 opened a year ago by jacques-
  1

• Add references for shadow workflow + evil twin integration attack chain blog

  #40 opened a year ago by jukelennings
  0

• Reference poisoned tenant + SAMLjacking attack chain demo

  #35 opened a year ago by jukelennings
  0

• Add SAMLjacking example for datadog

  #28 opened a year ago by jukelennings
  0

• Should SAMLJacking be lateral movement as well?

  #31 opened a year ago by jacques-
  0

• Attacks should have ID's to support mapping items to detection rules

  #32 opened a year ago by BatteryCandy
  1

• Reference power-pwn where appropriate for shadow workflows or similar

  #30 opened a year ago by jukelennings
  0

• Potential new technique(s) - cell phone related compromise

  #29 opened a year ago by jukelennings
  0

• Expensify example for ghost logins

  #22 opened a year ago by jukelennings
  3

• Potential new technique - delegated access

  #26 opened a year ago by jukelennings
  0

• Add nuclino example to poisoned tenant

  #21 opened a year ago by jukelennings
  0

• Add MITRE reference links where relevant

  #17 opened a year ago by jukelennings
  0

• Big expansion on recon technique examples

  #19 opened a year ago by jukelennings
  0

• Reference adding sweep

  #18 opened a year ago by jukelennings
  0

• add information and references around device code phishing to consent phishing

  #7 opened a year ago by jukelennings
  1

• reference evilnginx in relevant techniques

  #11 opened a year ago by jukelennings
  0

• reference o365 attack toolkit in relevant techniques

  #10 opened a year ago by jukelennings
  0

• references for tools to do mail rules

  #1 opened a year ago by jacques-
  0