Hacking Identity - A Pen Tester's Guide to IAM - Jerod Brennen
Offered By: YouTube
Course Description
Overview
Explore the intricacies of Identity and Access Management (IAM) security through a penetration tester's perspective in this conference talk from Converge 2018. Delve into the still-relevant attack surface of IAM systems, learning a comprehensive eight-step pen testing process. Examine the user lifecycle, traditional roles in IAM, and essential OSINT gathering techniques. Uncover strategies for extracting valuable information from document metadata, executing password spraying attacks, and exploiting password self-service features. Gain insights on analyzing and reducing external attack surfaces, tightening administrative privileges, and implementing robust detection mechanisms. Emphasize the importance of logging and monitoring in Windows environments, and reinforce fundamental security principles to enhance overall IAM defenses.
Syllabus
Intro
STILL RELEVANT
LET'S TALK ATTACK SURFACE
PEN TESTING TEN EIGHT STEP PROCESS
USER LIFECYCLE
WHO (TRADITIONALLY) DOES WHAT
OSINT GATHERING
DOCUMENT METADATA
WHAT ARE WE LOOKING FOR AGAIN
PASSWORD SPRAYING
ONCE YOU'RE IN...
PASSWORD SELF-SERVICE
ANALYZE YOUR EXTERNAL ATTACK SURFACE
REDUCE SAID ATTACK SURFACE
TIGHTEN UP ADMIN PRIVILEGES
DETECTION IS KING
LOGGING AND MONITORING - WINDOWS
FUNDAMENTALS FTW
Related Courses
Web App Testing - EnumerationCyber Mentor via YouTube Ethical Hacking in 15 Hours - 2023 Edition - Learn to Hack
Cyber Mentor via YouTube I Simulate Therefore I Catch - Enhancing Detection Engineering with Adversary Simulation
YouTube Pen Test War Stories - Why My Job Is So Easy and How You Can Make It Harder
YouTube CrackMapExec Owning Active Directory by Using Active Directory
YouTube