Inside the SaaS Attack Matrix: A Framework for Cloud-Native Offensive Security
Hook
While your firewall watches the perimeter, attackers are walking through the front door of your SaaS applications without ever touching your network. They don’t need to.
Context
Traditional security frameworks like MITRE ATT&CK evolved in an era of on-premises infrastructure, where attackers needed to breach network perimeters and compromise endpoints. But the shift to SaaS has fundamentally changed the threat landscape. Modern organizations run on Slack, Google Workspace, Microsoft 365, and hundreds of specialized SaaS tools—each with its own OAuth flows, API tokens, and federated identity integrations. These applications live outside corporate networks entirely, accessible from any device, anywhere.
Push Security’s saas-attacks repository addresses a critical blind spot in offensive security research: there was no comprehensive framework documenting attack techniques that operate purely at the SaaS layer. The project introduces the concept of ‘networkless attacks’—adversarial techniques that never touch endpoints or corporate networks yet can achieve full account compromise, data exfiltration, and persistent access. This research was presented at Microsoft BlueHat 2023, and the repository has gained traction with 1,410 stars, filling a gap that traditional endpoint-focused security tools simply can’t address.
Technical Insight
The repository structures SaaS attack techniques as a matrix inspired by MITRE ATT&CK, organizing techniques across the classic attack lifecycle: Reconnaissance, Initial Access, Execution, Persistence, Privilege Escalation, Defense Evasion, Credential Access, Discovery, Lateral Movement, and Exfiltration. Each technique receives its own directory with standardized documentation including descriptions, examples, and references.
The reconnaissance phase demonstrates how attackers enumerate SaaS tenants without traditional network scanning. Techniques include SAML enumeration, which exploits how identity providers respond to authentication requests, subdomain tenant discovery, slug tenant enumeration, DNS reconnaissance, and username enumeration—all conducted through normal HTTPS traffic that no firewall would block.
The Initial Access techniques are particularly sophisticated. Consent phishing exploits OAuth’s trust model, where an attacker creates a legitimate OAuth application and requests permissions like ‘read email’ or ‘access files.’ When a user clicks ‘Allow,’ they’re granting legitimate API access through the platform’s intended authorization flow. The attacker gains persistent access via OAuth tokens without ever compromising credentials. Other initial access techniques include poisoned tenants, SAMLjacking, account ambushing, credential stuffing, app spraying, various phishing methods (email, IM, in-app), IM user spoofing, nOAuth, and MFA fatigue.
SAMLjacking exploits the trust relationship between identity providers and service providers. In a typical SAML flow, the identity provider vouches for a user’s identity by signing a SAML assertion. The technique appears to target manipulation of SAML responses to authenticate as users without knowing their passwords.
The Persistence techniques reveal how attackers maintain access after initial compromise. These include API keys, OAuth tokens, evil twin integrations (malicious OAuth apps with names nearly identical to legitimate ones), malicious mail rules, link sharing, system integrations, ghost logins, client-side app spoofing, inbound federation, and device enrollment.
The Exfiltration phase shows how attackers extract data using the platform’s own features. The ‘takeout services’ technique leverages built-in data export functionality (like Google Takeout) to download datasets through legitimate API calls. Webhooks, designed for real-time integrations, can become exfiltration channels that push sensitive data to attacker-controlled endpoints. Shadow workflows also enable data exfiltration through legitimate automation features.
The framework’s power lies in its SaaS-specific focus. Traditional security controls built for endpoint protection—antivirus, EDR, network firewalls—are largely blind to these techniques because they operate through legitimate application interfaces using valid authentication. Consent phishing looks identical to a user installing a real productivity app. SAML enumeration is indistinguishable from normal login attempts. Webhook exfiltration uses the same APIs as legitimate integrations.
Gotcha
The repository notes it’s a work in progress with acknowledged gaps—the authors mention needing to fill in references, add examples, and document missing techniques. Many technique pages may lack complete references, real-world examples, or detailed implementation guidance. This is a documentation project, not an exploitation framework—you won’t find ready-to-use tools or scripts. You’ll need to implement the techniques yourself or find separate tools.
More critically, the repository is offense-only. While the stated goal is helping defenders understand threats (the tagline reads ‘Offensive security drives defensive security’), there are no detection signatures, defensive playbooks, or mitigation strategies accompanying each technique. A security team reading about SAMLjacking learns what the attack looks like but gets no guidance on monitoring for SAML assertion anomalies or implementing controls. The framework tells you what’s possible but doesn’t bridge to actionable defense. For blue teams, this creates homework: translating each offensive technique into detection rules, response procedures, and preventive controls for their specific SaaS stack.
Verdict
Use this repository if you’re conducting SaaS-focused penetration testing, red team exercises targeting cloud environments, or security research into OAuth and federated identity attacks. It’s invaluable for purple team programs that need to understand modern cloud-native threats beyond traditional network/endpoint attack vectors. Security architects designing SaaS security controls will find it essential for threat modeling. Use it if you need to educate stakeholders on why traditional perimeter defenses fail against modern SaaS threats. Skip it if you need turnkey exploitation tools—this is an educational framework requiring manual implementation. Skip it if you want defensive guidance or detection rules; the techniques are documented but you’ll need to build your own defenses. Also skip if your security focus remains primarily on-premises infrastructure or if you’re looking for coverage beyond the attack techniques themselves—there’s no tooling, no automation, and no opinionated guidance on which techniques pose the highest risk to your specific environment.
