Lunch & Learn Menu
At Push, our research-led team has published community resources to help organizations defend against these threats. Since a rising tide lifts all boats, we're offering the opportunity to run a tailored lunch and learn session for your team. This session will focus on the most prevalent and impactful identity attack techniques we're observing in the wild, the telemetry needed to detect them, and the controls that can be deployed to stop them.
Option #1: Identity attacks briefing
Attackers don’t hack in, they log in. Attacker TTPs are rapidly evolving as they continue to prey on vulnerable and poorly monitored identity attack surfaces. The result? Compromised identities are now the #1 cause of breaches.
We’ll explore how and why attackers have shifted their focus to identities and demonstrate some of the techniques they use to bypass controls and evade detection:
- Stealing session cookies using infostealers and then hijacking user sessions.
- Exploiting shadow identities and ghost logins by targeting SaaS apps at scale with stolen credentials.
- Using AitM and BitM toolkits to bypass traditional phishing prevention controls such as MFA, EDR, and email content filtering.
- Maintaining persistence and laterally moving in a SaaS environment without touching the network or endpoint.
Option #2: Threat hunting in the browser
With the shift away from endpoint and network attacks toward identity-based techniques, attacks are happening entirely in the browser, over the internet, with no local malware deployment – leading to a significant detection gap.
We’ll cover various attacker techniques and tools that can be detected in the browser, with video demos of:
- Detecting web-based obfuscation techniques like HTML smuggling and tracking dynamic malicious links.
- Building security alerts and scripts to detect malicious activity or proactively flag identity vulnerabilities.
- Taking auto-screenshots when certain events are triggered to enrich SIEM tickets.
- Preventing users from creating and accessing accounts using weak, reused, or previously breached passwords to reduce the risk of identity compromise.
