accent 1 accent 2
Icon-Check@3x
on-demand Cyber Attack Workshop

Hacker Snacks: Those Cookies Will Go Straight to Your SaaS 🍪

On-Demand

Watch our hacker compromise one user and gain persistent access to many SaaS apps.

We'll use a reverse HTTP tunnel to evade common detections, steal cookies and credentials, and make AWS, GitHub, and Salesforce data publicly accessible!

Learn how SaaS authentication works, watch the attack unfold, and see how DatAdvantage Cloud spots suspicious activity.

+1 CPE

Watch Now

Here’s a High-Level Overview of How this Attack Plays Out:

  • An attacker targets a user through a phishing email to establish a C2 channel
  • Uses homemade script to dump all credentials and cookies from the user’s browser
  • Sets up a reverse tunnel to bypass geohopping and network-based alerts
  • Bypasses MFA using stored cookies and token from the user
  • Shares out SaaS repositories to be used in the future without detection
  • Sets up API access in Salesforce to siphon vital company information

After we walk through the attack our team will use DatAdvantage Cloud to investigate what alerts would have been triggered during attack and how this could be easily mitigated with the appropriate visibility.

Mason Takacs headshot
Mason Takacs Senior Engineer, Varonis

Mason Takacs is a Senior Sales Engineer out of Columbus, Ohio. He has been with Varonis for a couple years now and in the IT industry for over a decade. He is most commonly found working with strategic enterprise accounts and helping to lead the SE community in North America as part of the Varonis SE Council.

“The level of governance and insight provided by Varonis empowered our team to detect and respond to abnormalities as well as user activity and misconfigurations.”

Al Faella, CTO, Prospect Capital Management

Want to see Varonis in action?

REQUEST A DEMO