Bsides2024 : Jason Haddix : Tales from the Breach

  • Published on 19 May 2024
  • In 2022, my org was breached by Lapsus$. We had a multimillion-dollar budget, all the products, all the bells and whistles, copious staff, etc. After the dust settled, I became obsessed with understanding how so many modern orgs had been breached in 2022. I scheduled CISO 1-1's with everyone I knew. With those I didn't know, I dove deep into the breach notifications and articles. Patterns started to emerge. Join me in discussing notes and stories from my outreach. Topics: 2FA Failure, FIDO, IAM, GitHub/GitLab Security, User Awareness Training, Threat Intelligence, Supply Chain Security, Assets and risk registers, common activities post-breach (cred-rolls, breach notifications), priority segmentation for internal networks (protecting internal web control panels), bug bounty, ++

Comments • 1

  • @Err0ric 13 days ago

    Sad the animation wasn't playing. Best demonstration hah