2024 SANS CloudSecNext Summit - JoeyTaubert/Cyber-Summits-Conferences-Talks GitHub Wiki
John Walker - Defense in Depth in the Cloud
Director of Security Research at BeyondTrust
1. Poorly-Implemented MFA
IAM anti-patterns...? "Identity defense in depth is the boring thing that stops most breaches."
We need to create an environment where one mistake does not cost us a breach.
Preventing lateral movement from initial compromised account to a more permissive account.
Service principal?? (look up what it means) They use the service principal to do 2 things: create an account and an enterprise application. They will log in and grant access to that app. It is given one permission on the same level as a domain admin. All this control from one API permission.
Account security is only as strong as your MFA's WEAKEST LINK. "FIDO2 + SMS = SMS"
User-generated API Tokens are widespread and allow MFA bypass.
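
The weakest-link point ("FIDO2 + SMS = SMS") and the API-token bypass, as an added example that is not from the talk or from this wiki's author: a small audit that rates each account by the weakest authentication path available to it. The strength ranking, the record fields (`mfa`, `api_tokens`) and the sample users are assumptions made for the illustration.

```python
# Added example: audit effective MFA strength per account ("FIDO2 + SMS = SMS").
# The strength ranking and the record layout are assumptions, not from the talk.

# Higher number = harder to phish or intercept (assumed ordering).
STRENGTH = {"none": 0, "sms": 1, "totp": 2, "push": 2, "fido2": 3}

# Constructed sample inventory; a real one would come from the IdP's export.
ACCOUNTS = [
    {"user": "alice", "mfa": ["fido2"], "api_tokens": 0},
    {"user": "bob", "mfa": ["fido2", "sms"], "api_tokens": 0},
    {"user": "carol", "mfa": ["fido2"], "api_tokens": 2},
    {"user": "dave", "mfa": [], "api_tokens": 0},
]


def effective_method(account):
    """Return the weakest authentication path available on the account."""
    paths = list(account["mfa"]) or ["none"]
    # Per the notes above, a user-generated API token bypasses MFA,
    # so its presence adds a path with no second factor at all.
    if account["api_tokens"] > 0:
        paths.append("none")
    unknown = [p for p in paths if p not in STRENGTH]
    if unknown:
        raise ValueError(f"unrated method(s) for {account['user']}: {unknown}")
    return min(paths, key=STRENGTH.__getitem__)


def audit(accounts, required="fido2"):
    """List accounts whose weakest path falls below the required method."""
    findings = []
    for acct in accounts:
        weakest = effective_method(acct)
        if STRENGTH[weakest] < STRENGTH[required]:
            strongest = max(acct["mfa"], key=STRENGTH.__getitem__, default="none")
            findings.append((acct["user"], strongest, weakest))
    return findings


if __name__ == "__main__":
    for user, strongest, weakest in audit(ACCOUNTS):
        print(f"{user}: strongest={strongest} effective={weakest}")
```

The gap between the `strongest` and `effective` columns is the finding: an account can show FIDO2 as enrolled and still be rated at SMS or at no MFA.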