{
	"id": "08342e3b-fb9f-47fd-b197-6474f30bea9b",
	"created_at": "2026-04-06T01:31:46.67711Z",
	"updated_at": "2026-04-10T03:21:24.737055Z",
	"deleted_at": null,
	"sha1_hash": "b0d529a8386bfb913e24d13da03bfda8ac741437",
	"title": "saas-attacks/techniques/webhooks/description.md at main · pushsecurity/saas-attacks",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 32770,
	"plain_text": "saas-attacks/techniques/webhooks/description.md at main ·\r\npushsecurity/saas-attacks\r\nBy jukelennings\r\nArchived: 2026-04-06 01:12:13 UTC\r\nLatest commit\r\nAug 17, 2023\r\nID: SAT1039\r\nTactics\r\nDefense Evasion\r\nExfiltration\r\nSummary\r\nSome SaaS apps allow webhooks to be configured so callbacks are made when certain events are triggered. For\r\nexample, a webmail platform may allow a webhook callback when a new email is received.\r\nThis is useful to an adversary looking to extract new data as it is created from that API. This could be new emails,\r\nnew files, a real-time view into channels in instant messaging apps, etc.\r\nAdversaries using this technique may also evade detection controls as these are not requests made to the SaaS app\r\n(showing in logs) but rather requests to an attacker app made from the app.\r\nExamples\r\nMicrosoft 365\r\nReferences\r\nMITRE ATT\u0026CK - Exfiltration Over Web Service\r\nSource: https://github.com/pushsecurity/saas-attacks/blob/main/techniques/webhooks/description.md\r\nhttps://github.com/pushsecurity/saas-attacks/blob/main/techniques/webhooks/description.md\r\nPage 1 of 1",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"MITRE"
	],
	"references": [
		"https://github.com/pushsecurity/saas-attacks/blob/main/techniques/webhooks/description.md"
	],
	"report_names": [
		"description.md"
	],
	"threat_actors": [],
	"ts_created_at": 1775439106,
	"ts_updated_at": 1775791284,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/b0d529a8386bfb913e24d13da03bfda8ac741437.pdf",
		"text": "https://archive.orkl.eu/b0d529a8386bfb913e24d13da03bfda8ac741437.txt",
		"img": "https://archive.orkl.eu/b0d529a8386bfb913e24d13da03bfda8ac741437.jpg"
	}
}