This week on SysAdmin Weekly, Andy is joined by returning guest Paul Schnackenburg to dive headfirst into one of the most important (and overlooked) topics in modern IT: SaaS Security.

From token theft and malicious OAuth apps to adversary-in-the-middle attacks and the harsh truth about identity becoming the new firewall, we unpack how attackers are adapting to the cloud-first world, and why most orgs are woefully unprepared.

We explore:

- The SaaS cyber kill chain from recon to persistence

- Other real-world security incidents like CitrixBleed2 and the Fortinet hardcoded credentials fiasco

- The dark art of malicious OAuth apps and shadow IT exploitation

- Why EDR and XDR fall short in a SaaS world

- What you can do *right now* to harden your defenses (Hint: MFA is not enough)

This one’s loaded with insights and practical tips, don’t miss it!

## Episode Resources ##

- SysAdmin Weekly Companion Newsletter

- AndyOnTech

- Project Runspace

- CitrixBleed 2

- X Post re: Fortinet Hard-Coded Credentials

- Paul's SaaS Cyber Kill Chain Article