SaaS->Endpoint attacks #2

jacques- · 2023-07-25T11:53:19Z

jacques-
Jul 25, 2023
Maintainer

Consider attacks like:

backdooring github repos so they execute code when opened in vscode - something like https://github.blog/2023-07-18-security-alert-social-engineering-campaign-targets-technology-industry-employees/
Setting scripts to run on exploits when you breach a SaaS MDM solution

Feels like these would be "Execution" phase attack techniques?

Are there any other we're aware of?

jukelennings · 2023-07-26T11:47:30Z

jukelennings
Jul 26, 2023
Collaborator

Microsoft Power Automate has "Desktop Flows", which is the bit I haven't explored yet, but is a form of Robotic Process Automation (RPA). I'm guessing a user probably needs some software installed for it already, but I'm wondering if someone already makes use of it and you compromise the Power Automate account, then possibly you could modify or create new flows that may allow an endpoint compromise? One to check out for sure.

1 reply

jacques- Jul 26, 2023
Maintainer Author

Interesting, yeah I wonder how many other thick clients store config in a cloud service that could be used in this way...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

SaaS->Endpoint attacks #2

{{title}}

Replies: 1 comment 1 reply

{{title}}

{{title}}

Select a reply

SaaS->Endpoint attacks #2

jacques- Jul 25, 2023 Maintainer

Replies: 1 comment · 1 reply

jukelennings Jul 26, 2023 Collaborator

jacques- Jul 26, 2023 Maintainer Author

jacques-
Jul 25, 2023
Maintainer

Replies: 1 comment 1 reply

jukelennings
Jul 26, 2023
Collaborator

jacques- Jul 26, 2023
Maintainer Author