accent 1 accent 2
Cyber Attack Workshop

Cloud Imposter: Using SSO to Stage a SaaS Invasion


Watch our attacker perform a sneaky spear-phishing attack to take over an admin’s account and impersonate high-profile users with a built-in SSO feature.

Our imposter will steal hundreds of sensitive HR docs from the company’s Google Workspace, create hidden backdoor links, and jump over to Box to exfiltrate customer contracts.

We’ll show you exactly how this attack is performed, then highlight how DatAdvantage Cloud makes it easier to see and prevent cross-cloud attacks.


Watch Now

How the attack works:

  • Pre-attack recon to figure out who will be an easy target
  • Bypass MFA using an advanced phishing technique
  • Export the org’s Google Workspace user list
  • Impersonate the VP of HR, access her Google Workspace, and steal employee data
  • Create hidden sharing links to external Gmail accounts as a backdoor
  • Take over a Box super admin account
  • Exfiltrate data using a custom public sharing URL

After the simulation, our Incident Response team will use DatAdvantage Cloud to show how our proactive policies and cross-cloud investigation features can detect and prevent this type of attack

Ryan O'Boyle Sr. Manager Cloud Architecture & Operations, Varonis

Ryan O’Boyle, GCIH is the Sr. Manager of Cloud Architecture & Operations at Varonis. Ryan has an engineering background with experience in IT infrastructure, Incident Response, and Data Protection. Varonis’ team of security professionals provide complementary Incident Response services to all existing customers. In addition, they work with customers to operationalize the Varonis Data Security Platform and integrate Varonis into the security ecosystem.

“The level of governance and insight provided by Varonis empowered our team to detect and respond to abnormalities as well as user activity and misconfigurations.”

Al Faella, CTO, Prospect Capital Management

Want to see Varonis in action?