In 2025, attackers aren’t breaking in through zero-days — they’re logging in. Identity has become the primary attack surface, and once access is gained, everything else happens fast. Today, we’re joined by Chip Buck, CTO of SaaS Alerts — someone who lives at the front lines of identity-based attacks across SaaS platforms every single day. Chip sees how session theft, OAuth abuse, and legitimate-looking logins turn into real business damage for MSPs and their clients. This isn’t a theoretical ...
All content for The CyberCall Podcast is the property of Andrew Morgan and is served directly from their servers
with no modification, redirects, or rehosting. The podcast is not affiliated with or endorsed by Podjoint in any way.
In 2025, attackers aren’t breaking in through zero-days — they’re logging in. Identity has become the primary attack surface, and once access is gained, everything else happens fast. Today, we’re joined by Chip Buck, CTO of SaaS Alerts — someone who lives at the front lines of identity-based attacks across SaaS platforms every single day. Chip sees how session theft, OAuth abuse, and legitimate-looking logins turn into real business damage for MSPs and their clients. This isn’t a theoretical ...
Encryption to Extortion, the Evolution of Cloud Based Attacks
The CyberCall Podcast
1 hour 2 minutes
4 months ago
Encryption to Extortion, the Evolution of Cloud Based Attacks
In this session we talk about Salesloft Drift and the implications of OAuth based attacks. Companies use Drift with Salesloft to automate lead capture + sales workflows into Salesforce.com. Enter Nation State threat actor UNC6395, who was able to steal the tokens and gain a backdoor into Salesforce via these OAuth tokens. We then dive into the Evolution of Cloud Based Attacks, where threat actors like Storm-0501 are moving away from noisy, on-prem encryption and pivoting to the cloud—wh...
The CyberCall Podcast
In 2025, attackers aren’t breaking in through zero-days — they’re logging in. Identity has become the primary attack surface, and once access is gained, everything else happens fast. Today, we’re joined by Chip Buck, CTO of SaaS Alerts — someone who lives at the front lines of identity-based attacks across SaaS platforms every single day. Chip sees how session theft, OAuth abuse, and legitimate-looking logins turn into real business damage for MSPs and their clients. This isn’t a theoretical ...
