Overview
Explore the world of Identity and Access Management (IAM) from a penetration tester's perspective in this comprehensive conference talk. Delve into passive intelligence gathering techniques, including the use of Pastebin, password analysis, and social media quizzes. Examine various attack vectors and challenges in IAM, such as provisioning and deprovisioning processes, attribute management, and help desk vulnerabilities. Learn about red team strategies, document metadata analysis, and technology stack considerations. Discover practical tools for setting up a home lab and gain insights into two-factor authentication and social media security. Enhance your understanding of IAM security through hands-on examples and real-world scenarios presented by experienced security professional Jerod Brennen.
Syllabus
Intro
Jerods background
F5 report
Passive intelligence gathering
Pastebin
Passwords
Social Media Quizzes
Software as a Service
Attack vectors
The challenge
Provisioning deprovisioning
Attributes
Help Desk
Red Team
Document Metadata
Technology Stack
Password Spray
Home Lab Tools
TwoFactor
Facebook
Social Media Quiz