Hacking Identity - A Pen Tester's Guide to IAM
Offered By: YouTube
Course Description
Overview
Explore a comprehensive guide to Identity and Access Management (IAM) pen testing in this 58-minute conference talk from BSides Cleveland 2018. Delve into lessons learned from a decade of data breaches, attack surface analysis, and the eight-step pen testing process. Examine user lifecycle management, traditional roles, and OSINT gathering techniques. Learn about password spraying, social engineering attack scenarios, and self-service password management. Discover strategies to analyze and reduce external attack surfaces, tighten admin privileges, and implement effective detection mechanisms. Gain insights on misdirection tactics and reinforce fundamental security principles to enhance your organization's IAM defenses.
Syllabus
Intro
FS: LESSONS LEARNED FROM A DECADE OF DATA BREACHES
LET'S TALK ATTACK SURFACE
PEN TESTING TEN EIGHT STEP PROCESS
TLA'S AND FLA'S
USER LIFECYCLE
WHO (TRADITIONALLY) DOES WHAT!
OSINT GATHERING
DOCUMENT METADATA
WHAT ARE WE LOOKING FOR AGAIN?
PASSWORD SPRAYING
SOCIAL ENGINEERING (SE)
SE ATTACK SCENARIOS
PASSWORD SELF-SERVICE
SELF-REGISTRATION
ANALYZE YOUR EXTERNAL ATTACK SURFACE
REDUCE SAID ATTACK SURFACE
TIGHTEN UP ADMIN PRIVILEGES
DETECTION IS KING
MISDIRECTION
FUNDAMENTALS FTW
Related Courses
Web App Testing - Enumeration (Cyber Mentor via YouTube)
Ethical Hacking in 15 Hours - 2023 Edition - Learn to Hack (Cyber Mentor via YouTube)
I Simulate Therefore I Catch - Enhancing Detection Engineering with Adversary Simulation (YouTube)
Pen Test War Stories - Why My Job Is So Easy and How You Can Make It Harder (YouTube)
CrackMapExec Owning Active Directory by Using Active Directory (YouTube)