Research

Ron Marom
October 24, 2023

Okta Threat Hunting: Auditing Okta Logs Part 2

Update Note Due to the recent events at MGM, which included the compromise of MGM’s Okta tenant, and the surge in attacks of Okta Admins,  we have updated the threat-hunting article, adding ...
Read More
Defending Azure Active Directory (Entra ID): Unveiling Threats through Hunting Techniques
Ron Marom
October 4, 2023

Defending Azure Active Directory (Entra ID): Unveiling Threats through Hunting Techniques

Azure Active Directory (Entra ID) stands as one of the most popular and widely-used cloud-based identity and access management services provided by Microsoft. It serves as a comprehensive ...
Read More
Threat Hunting for Identity Threats in Snowflake
Ron Marom
August 24, 2023

Frosty Trails: Threat-Hunting for Identity Threats in Snowflake

The Snowflake platform has revolutionized how organizations store, process, and analyze large volumes of data. It offers a fully-managed data warehouse-as-a-service solution, providing a scalable ...
Read More
Ori Amiga, Ron Marom
July 17, 2023

Okta Logs Decoded: Unveiling Identity Threats Through Threat Hunting

In the ever-evolving world of cybersecurity, staying steps ahead of potential threats is paramount. With identity becoming a key for an organization’s security program, we increasingly rely ...
Read More
GitHub Account Takeover of AWS and GCP Accounts
Rezonate
May 16, 2023

From GitHub to Account Takeover: Misconfigured Actions Place GCP & AWS Accounts at Risk

In April 2023, Rezonate research team explored prevalent misconfigurations of GitHub integration with cloud native vendors. GitHub OIDC-based trust relations have been found with the critical ...
Read More
Circle CI Breach
Ori Amiga
February 27, 2023

CircleCI Breach: Detect and Mitigate to Assure Readiness

On January 4, 2023, CircleCI, a continuous integration (CI/CD) and delivery service, reported a data breach. The company urged its customers to take immediate action while a complete ...
Read More