SaaS Attacks: Compromising an Organization without Touching the Network

In this episode Luke Jennings VP of Research & Development from Push Security joins us to discuss SaaS attacks and how its possible to compromise an organization without touching a single endpoint or network. Luke talks about his recent SaaS attack research, why SaaS based attacks are different than traditional network based attacks, the SaaS attack matrix which can be used by both red and blue teams, and why its important that this research is shared and talked about in the cybersecurity community. ** Links mentioned on the show...

In this episode Luke Jennings VP of Research & Development from Push Security joins us to discuss SaaS attacks and how its possible to compromise an organization without touching a single endpoint or network. Luke talks about his recent SaaS attack research, why SaaS based attacks are different than traditional network based attacks, the SaaS attack matrix which can be used by both red and blue teams, and why its important that this research is shared and talked about in the cybersecurity community.

** Links mentioned on the show *

Let’s talk about SaaS attack techniques
https://pushsecurity.com/blog/saas-attack-techniques/

SAMLjacking a poisoned tenant
https://pushsecurity.com/blog/samljacking-a-poisoned-tenant/

Push Security SaaS Attacks GitHub
https://github.com/pushsecurity/saas-attacks

Follow Luke and Push Security
https://www.linkedin.com/in/luke-jennings-042b5619b/
https://twitter.com/jukelennings
https://twitter.com/PushSecurity
https://pushsecurity.com/

** Watch this episode on YouTube **

https://youtu.be/Rj0t5Lw12Ic

** Become a Shared Security Supporter **

For only $5 per month get exclusive access to ad-free episodes, listen to new episodes before they are released, get access to our private Discord server, receive a monthly shout-out on the show, and get a discount code for 15% off merch at the Shared Security store. Become a supporter today! https://patreon.com/SharedSecurity

** Thank you to our sponsors! **

SLNT

Visit slnt.com to check out SLNT’s amazing line of Faraday bags and other products built to protect your privacy. As a listener of this podcast you receive 10% off your order at checkout using discount code “sharedsecurity”.

Click Armor

To find out how “gamification” of security awareness training can reduce cyber risks related to phishing and social engineering, and to get a free trial of Click Armor’s gamified awareness training platform, visit: https://clickarmor.ca/sharedsecurity

** Subscribe and follow the podcast **

Join the Shared Security Community on Reddit: https://www.reddit.com/r/SharedSecurityShow/

Subscribe on YouTube: https://www.youtube.com/c/SharedSecurityPodcast

Watch and Subscribe on Odysee (YouTube alternative)
https://odysee.com/@SharedSecurity:c

Follow us on Mastodon: https://infosec.exchange/@sharedsecurity

Follow us on Twitter: https://twitter.com/sharedsec

Visit our website: https://sharedsecurity.net

Subscribe on your favorite podcast app: https://sharedsecurity.net/subscribe

Sign-up for our email newsletter to receive updates about the podcast, contest announcements, and special offers from our sponsors: https://shared-security.beehiiv.com/subscribe

Leave us a rating and review: https://ratethispodcast.com/sharedsecurity

Contact us: https://sharedsecurity.net/contact

The post SaaS Attacks: Compromising an Organization without Touching the Network appeared first on Shared Security Podcast.