BEGIN:VCALENDAR
VERSION:2.0
PRODID:Data::ICal 0.24
BEGIN:VEVENT
DESCRIPTION:Title: SSO Sloppy\, SSO Suspect\, SSO Vulnerable\nWhen:
  Saturday\, Aug 12\, 11:10 - 11:50 PDT\nWhere: Flamingo - Mesquite -
  Cloud Village - [1]Map\n\nSpeakerBio: Jenko Hwong\, Principal
  Researcher\, Threat Research Team at Netskope\nJenko Hwong is a
  Principal Researcher on Netskope's Threat Research Team\, focusing on
  cloud threats/vectors. He's spent time in engineering and product
  roles at various security startups in vulnerability scanning\, AV/AS\,
  pen-testing/exploits\, L3/4 appliances\, threat intel\, and Windows
  security.\nTwitter: [2]@jenkohwong\n\nDescription:\nEnterprise SSO
  protocols and vendor implementations continue to evolve for the
  worse\, as we've gone from SAML to OAuth to MUVP
  (Made-Up-Vendor-Protocol).\n\nAttacks against SSO started with the
  Golden SAML attack (CyberArk\, 11/2017)\, which used stolen
  certificates to spoof SAML responses\, recently used in the SolarWinds
  hack in 2020. Recently\, OAuth has been used to implement SSO\, and
  new POC identity attacks have been published such as gaining access
  to a Facebook account that uses Gmail as the SSO identity provider
  via OAuth 2.0 (Sammouda\, 5/2022)\, utilizing the chaining of
  traditional web vulnerabilities such as XSS with the design of the
  OAuth protocol in order to steal OAuth session tokens. AWS's SSO
  implementation mixes SAML\, OAuth\, and traditional AWS access keys.
  And Microsoft and Google also use custom OAuth to implement SSO among
  their app suites.\n\nThis protocol soup opens up more areas for abuse
  by attackers with key benefits: remotely-enabled attacks by design
  without need for endpoint compromise\, near-permanent access\, no need
  to go through MFA challenges\, and incomplete controls for preventing\,
  detecting\, and responding to these attacks.\n\nWe will demonstrate how
  these attacks work\, what's different\, how the underlying SSO
  protocols and features are abused\, and where defensive measures
  fail.\n\n1. #FlamingoThirdFloor\n2. https://twitter.com/jenkohwong\n
DTEND:20230812T185000Z
DTSTART:20230812T181000Z
LOCATION:CLV - Flamingo - Mesquite - Cloud Village
SUMMARY:SSO Sloppy\, SSO Suspect\, SSO Vulnerable
END:VEVENT
END:VCALENDAR
