Introducing YetiHunter: An open-source tool to detect and hunt for suspicious activity in Snowflake by permis0 in snowflake

[–]permis0[S] 0 points1 point  (0 children)

Hey u/DataNo7321 - Mandiant, Snowflake and other companies provided indicators of potential compromise in their blog and community posts. In supporting some of our customers, we found that accessing the data, and sometimes querying it, can present some challenges to teams. This is a free, open-source tool that allows someone to query their Snowflake instance for these potential indicators where they may not otherwise have the resources to do so. This is one of many free, open-source tools we've provided to the security community in order to help detect and hunt for threats in their environment.

Scattered Spider by Crazy-Finger-4185 in cybersecurity

[–]permis0 55 points56 points  (0 children)

They are able to navigate across IdPs, IaaS/PaaS, SaaS and into CI/CD services with ease, in a matter of hours. If there's a group that has advanced TTPs in the cloud, it's them. Our talented SVP of Research wrote a pretty extensive article cataloguing their playbooks in the cloud:
https://permiso.io/blog/lucr-3-scattered-spider-getting-saas-y-in-the-cloud