
BeyondTrust Unveils Phantom Labs To Boost Identity Security Research
Building on years of real-world threat analysis, vulnerability disclosures, and identity-focused security innovation, Phantom Labs is tasked with 'thinking like an attacker' to expose the ways threat actors escalate access and maintain control. With the addition of new research leadership and specialised hires, Phantom Labs is accelerating the company's ability to help defenders proactively understand, detect, and disrupt identity exploitation in increasingly complex hybrid and cloud environments.
BeyondTrust's expanding research mission is focused on delivering key contributions to the global cybersecurity community:
Original threat research and vulnerability discovery
Guidance for defenders, including mitigation playbooks and hardening recommendations
Collaboration with product teams to drive innovation across the BeyondTrust portfolio
Phantom Labs formalises the work of BeyondTrust's existing security researchers, whose investigations have uncovered critical vulnerabilities and provided threat intelligence used in real-world incident response, including key intelligence that helped Okta investigate and contain a high-profile breach.
Recent contributions include:
Discovery of stealth privilege escalation risks in Microsoft Entra guest accounts
Development of data science–driven detection models to identify session hijacking
Release of the paths to privilege research framework, now integrated into BeyondTrust's platform
Ongoing collaboration with the Adventures of Alice & Bob podcast to help educate the market about unknown risks and contribute to the global cybersecurity community.
To further accelerate BeyondTrust's identity security innovation and research momentum, BeyondTrust has made strategic new hires and elevated key internal experts into critical roles:
Kinnaird McQuade, an industry-leading expert in cloud identity security, has joined BeyondTrust as Chief Security Architect. McQuade's security research has produced popular open-source tools including Cloudsplaining, which has been downloaded more than 40 million times. This work has helped shape how modern security teams identify and contain attacks like data exfiltration, lateral movement and privilege escalation, particularly in hybrid and cloud environments where identity is the new perimeter.
Fletcher Davis, a leading offensive security researcher and red team specialist, will lead Phantom Labs. Davis brings extensive experience in simulating advanced threat actor behavior, uncovering cross-domain identity risks, and exposing hidden paths to privilege in complex enterprise environments.
BeyondTrust's research momentum sits under the overall direction of Marc Maiffret, Chief Technology Officer at BeyondTrust and pioneering force in vulnerability research and cybersecurity innovation. With decades of experience in offensive and defensive security, including discovering some of the first major Microsoft vulnerabilities and co-founding one of the earliest vulnerability management platforms, Maiffret provides a uniquely attacker-informed perspective to the company's mission.
'"Think like a hacker." That mindset shaped my first security startup over 25 years ago, where we helped define Vulnerability Management and built one of the first commercial security research teams,' says Marc Maiffret, CTO, BeyondTrust. 'Great security products require more than customer insight. They need research teams anticipating threats before they emerge. Traditional PAM solutions lag in addressing complex, cross-domain attack paths. And Identity Security isn't a feature you bolt on. It demands a purpose-built platform, led by research. BeyondTrust delivers that with Pathfinder and Phantom Labs—a platform purpose-built to secure identities and access, powered by a team uncovering tomorrow's threats today.'
Related Articles


Channel Post MEA
3 days ago
BeyondTrust Unveils Phantom Labs To Boost Identity Security Research
BeyondTrust has announced the formal launch of its dedicated cybersecurity research team, BeyondTrust Phantom Labs. The launch of Phantom Labs represents a strategic milestone in BeyondTrust's ongoing mission to advance identity security innovation, uncover emerging threats, foster industry collaboration, and help shape industry standards that empower defenders with actionable insights worldwide.


TECHx
4 days ago
Phantom Labs Boosts BeyondTrust's Cyber Research
BeyondTrust has announced the official launch of its dedicated cybersecurity research team, BeyondTrust Phantom Labs™. This move marks a significant milestone in BeyondTrust's mission to enhance identity security and advance threat analysis.

Phantom Labs aims to uncover emerging cyber threats, support industry collaboration, and shape global security standards. The team builds on years of experience in real-world threat analysis, vulnerability disclosures, and identity-focused innovation.

According to BeyondTrust, Phantom Labs will adopt an attacker mindset to reveal how threat actors escalate access and maintain control. The company also revealed that new research leadership and strategic hires will accelerate this effort. The research team is expected to help defenders proactively detect and disrupt identity exploitation across hybrid and cloud environments.

BeyondTrust's research goals include:
• Original threat research and vulnerability discovery
• Defender guidance such as mitigation playbooks
• Driving innovation across the BeyondTrust product portfolio

The company reported that Phantom Labs formalizes the work of existing researchers who have helped uncover critical vulnerabilities and contributed to real-world incident response. One such case involved key intelligence provided to Okta during a high-profile security breach.

Recent research contributions include:
• Discovery of stealth privilege escalation risks in Microsoft Entra guest accounts
• Development of detection models to identify session hijacking
• Integration of the Paths to Privilege research framework into the BeyondTrust platform

BeyondTrust also continues to collaborate with the Adventures of Alice & Bob podcast to raise awareness about cybersecurity risks.

To strengthen Phantom Labs, the company announced several strategic appointments. Kinnaird McQuade has joined as Chief Security Architect. He is known for developing Cloudsplaining, a popular open-source tool that supports detection of data exfiltration and privilege escalation in hybrid and cloud environments. Fletcher Davis has been appointed to lead Phantom Labs. He is a red team expert with deep experience in simulating threat actor behavior and exposing hidden identity risks.

The company's research strategy is overseen by Marc Maiffret, BeyondTrust's Chief Technology Officer. Maiffret is a veteran in cybersecurity and vulnerability research. He helped pioneer the first commercial security research teams more than 25 years ago.

Maiffret stated that traditional PAM solutions often fall short when dealing with complex, cross-domain attack paths. He emphasized that identity security requires a dedicated platform backed by research. BeyondTrust says it is meeting that challenge with its Pathfinder platform and Phantom Labs, combining purpose-built tools with deep threat analysis to secure identities and access across modern enterprise environments.


The National
21-07-2025
US warns about Microsoft Sharepoint cyber vulnerability
A cyber security vulnerability in Microsoft's SharePoint collaboration software has been added to the US Cybersecurity and Infrastructure Security Agency (CISA) exploitation list as customers deal with the potential fallout. Computer security experts say hackers have exploited the loophole and potentially compromised private and public computer networks in the US. The individual or groups behind the software exploitation are not yet known.

'The incident reveals the growing sophistication of threat actors who have gained internal access to an environment and can now leverage existing resources (like Microsoft Exchange, SharePoint) to conduct nefarious missions beyond just ransomware attacks, like "wiper" malware that deletes data,' said Morey Haber, a chief security adviser at cyber security company BeyondTrust.

Mr Haber said Microsoft appears to have responded quickly once the vulnerability in SharePoint was identified, but added that for some, it might be too little, too late. 'Considering the speed of exploitation, some organisations may be waking up Monday morning to a fresh series of attacks,' he explained.

The various editions of Microsoft SharePoint are also making it more difficult to provide a one-size-fits-all solution. Microsoft pointed out that it released a security update for SharePoint 2019, and that other fixes would be on the way. 'We are actively working on updates for SharePoint 2016,' the Redmond, Washington software company posted on X.

Santiago Pontiroli, lead researcher at cyber protection company Acronis, shared some more perspective on the scale and effect of the cyber attack. 'This incident continues a trend of high-impact attacks against Microsoft infrastructure, including the Exchange mass exploitation in 2021 and the 2023 cloud email breach,' he said. 'Over the past several years, state-aligned and advanced persistent threat groups have repeatedly abused vulnerabilities in Microsoft platforms to gain initial access, steal sensitive data, and establish long-term footholds in enterprise networks.'

Microsoft does, however, invest heavily in trying to prevent such breaches from occurring. Federal law enforcement agencies regularly work with the company and have a presence at the company's cyber crime centre in Redmond.

That said, Mr Pontiroli pointed out that cyber security is a continuing game of whack-a-mole, and that companies and entities using SharePoint should take it seriously. 'Organisations still running on-premises SharePoint need to act now,' he said. 'Apply the latest updates, monitor for signs of compromise, and assume exposure if systems were only partially patched.'