Abusing OIDC Authentication for Cloud Security Vulnerabilities

DEFCONConference via YouTube

Overview

Explore a security conference talk on vulnerabilities and potential exploits in OpenID Connect (OIDC) implementations in cloud environments. Learn the fundamentals of OIDC, including its core components and the interactions between the different entities, particularly in CI/CD workflows. Discover attack vectors stemming from misconfigurations and under-configurations, from both the user and the Identity Provider perspectives. Examine real-world examples of security vulnerabilities, including a significant finding in a major CI vendor that enabled unauthorized access to customer cloud environments. Understand the security implications of OIDC as organizations transition from static credentials to this more modern authentication method, with practical demonstrations of how seemingly secure configuration options can lead to system compromises. Gain insights into how leaked OIDC tokens from a single repository can be leveraged to access private clouds, and into the security implications of Identity Provider misconfigurations.

Syllabus

DEF CON 32 - OH MY DC Abusing OIDC all the way to your cloud - Aviad Hahami

Taught by

DEFCONConference
