jukelennings issues

Results 7 issues of


                                            jukelennings

Add breach table to list real-world breaches where SaaS attack techniques have been used

Make a contribution guide

Reference power-pwn where appropriate for shadow workflows or similar

https://github.com/mbrg/power-pwn

Potential new technique(s) - cell phone related compromise

1) SIM fraud for passwordless SMS logins or MFA bypassing 2) Persistence via similar methods by registered an adversary controlled phone number (as opposed to ghost logins)

Potential new technique - delegated access

While reviewing Expensify for a couple example additions to techniques, I noticed this co-pilot functionality. This is essentially a form of delegating access to other users of the application so...

Big expansion on recon technique examples

We currently have mostly 1-2 examples for each technique demonstrating it is valid to a minimum of a proof of concept level. Going forwards, the more examples we have the...

Reference adding sweep

Run through all the techniques left to right to find some quick-win references to add where appropriate e.g. relevant blog posts/tools that are specific to the technique that we haven't...