BlackHat USA 2022: IAM The One Who Knocks

At BlackHat USA, the Ermetic Research Team presented the hidden risks of managing identities and access in a multicloud environment.

Ermetic Team By Ermetic Team

The Ermetic research team recently presented at BlackHat USA. At their session, they took a deep dive into the hidden risks of managing identities and access in a multi-cloud environment. They exposed access flaws and misconfigurations that attackers can easily abuse to gain access to confidential and sensitive information. They went on to explain the inner workings of each cloud provider's Identity and Access Management (IAM) layers and highlight the differences between each cloud service. They also demonstrated how inconsistent entitlements across cloud resources and services can lead to unintended access and how accountability confusion in the shared responsibility model can enable privilege escalation.

Full abstract and presentation materials can be found here.

Presented by Igal Gofman & Noam Dahan of the Ermetic Research Team