Session Abstract

In today's dynamic threat landscape, adversaries increasingly target tokens over passwords. Join me in this interactive session, where I delve into the functionality and use cases of tokens. I will explore the inner workings of different tokens, how they enable Single Sign-On (SSO) in your environment, and contain permission and authentication claims. Throughout the session, I will provide a hands-on demonstration of real-life examples of token theft, shedding light on the evolving tactics employed by cyber adversaries. Key Session Highlights: Token Functionality: Gain insights into how tokens function, with a focus on access tokens and their role in facilitating SSO within your environment. Real-Life Examples: Witness practical demonstrations of token theft scenarios, illustrating the potential risks and vulnerabilities associated with this form of attack. Proactive Measures: Discover proactive measures and detection strategies against token-centric attacks. Learn how organizations can fortify their defenses to mitigate the risks posed by token compromise. Don't miss this opportunity to enhance your understanding of token security, uncover potential threats, and explore effective defense strategies against evolving cyber threats.

Robbe Van den Daele

I'm Robbe, an information security professional driven by a genuine passion for my work. My focus lies in Cloud Security, Purple Teaming, Microsoft Security Solutions, and the powerful MITRE ATT&CK framework. With a strong foundation in computer science, I've delved into the intricacies of information security, mastering technical aspects and procedural complexities. Cloud security became my niche, where I secure data, design resilient architectures, and implement robust measures. As a purple teamer, I excel at detecting and mitigating cybersecurity threats, identifying vulnerabilities, and fortifying defenses. I've embraced the invaluable MITRE ATT&CK framework, consulting organizations on understanding adversaries and strengthening their security posture. I'm driven by a thirst for knowledge, constantly staying ahead of industry trends through engagement with information security communities, conferences, and continuous learning.