Emerging threats against cloud application identities and what you should do about it

Presented at Canterbury Hacker Camp (2022), Nov. 25, 2022, 7 p.m. (Unknown duration)

In this session, you will learn about attacks against application identities, how to detect these attacks as well as how to recover and defend your application identities going forward against these emerging threats. Just like with user accounts, organizations will need to address application identities that are compromised whether through a compromised administrator, credentials-in-code, or a malicious application pretending to be legitimate. The basic attack vectors will be familiar to defenders but the process to detect, protect and recover are slightly different when dealing with an application instead of a person.

Presenters:

• Sarah Young - Microsoft
  Sarah is a Senior Cloud Security Advocate working at Microsoft. She has lived all over the place but currently calls Melbourne home. Sarah has over a decade of experience in tech and is particularly interested in cloud security, container security and good ol' fashioned networking and infrastructure security (having previously worked as a network and voice engineer). Sarah spends most of her spare time speaking at security conferences in various parts of the world, eating hipster brunches and high teas and spending a disproportionate amount of her income on her three dogs.

Links:

• https://2022.chcon.nz/speakers/sarah/

Similar Presentations:

• Black Hat USA 2022 / Backdooring and Hijacking Azure AD Accounts by Abusing External Identities
• Blue Team Con 2022 / Hunting down rogue Managed Identities
• CarolinaCon 1 (2005) / Application Hacking