Many organizations have progressed to increasingly cloud heavy infrastructures, changing the game for security professionals of all stripes. While identity attacks have existed for a long time, it was primarily used as the first step in the path to initial access into a secured network. In modern environments, identity attacks can be used to fully compromise an environment. The first half of this talk will focus on this in the context of Azure and Entra ID to showcase how compromised identity tokens can cause havoc in modern environments. Topics will include OAuth with Refresh Tokens in particular, Device Code Phishing, Entra ID applications, Microsoft Graph and some attack tools.
The second half of this talk will focus on engineering defenses for cloud environments. It will discuss the unique challenges of protecting the cloud, why the cloud providers are unable to solve these problems alone, why multicloud makes matters even more difficult, and how your organization can take practical measures to mitigate the impact of cloud incidents. The presentation will include case studies of real breaches that were made much worse due to a lack of defense-in-depth. Learn how to prevent real attacks with controls that matter.
