🧪 Experimental Feature

Focus Areas are an experimental feature that groups related content by tags. This page and its functionality may change as we refine the categorization system.

🪪 Identity & Access Management

Identity management and access control

Contributors

Talks

Tool Demos

Panels

Awards

All Entries (63 total, sorted by date)

Date	Type	Conference	Title	Speaker(s)	Tags
2025-08-07	Tool demo	Blackhat	AzDevRecon - Azure DevOps Enumeration Tool	Raunak Parmar	#azure #devsecops #iam
2025-06-02	Talk	Confidence	Adversarial Phishing: Defeating Security Barriers and AI-Driven Countermeasures	Himanshu Sharma, Rahul Vashista	#phishing #red-teaming #mfa+1
2025-03-13	Talk	Insomnihack	Beyond LSASS: Cutting-Edge Techniques for Undetectable Threat Emulation	Priyank Nigam	#post-exploitation #lateral-movement #identity-management
2024-12-11	Tool demo	Blackhat	Active Directory Cyber Deception using Huginn	Rohan Durve, Paul Laine	#active-directory #incident-management #network-forensics+1
2024-11-21	Talk	Securityfest	UnRegister Me - Advanced Techniques for hunting and securing user registration vulnerabilities	Priyank Nigam	#web-security #appsec #iam
2024-11-16	Talk	C0c0n	Active Directory Deception Strategies	Madhukar Raina, Sayan Mitra	#active-directory
2024-10-23	Talk	Blackhat	Guardians of the OAuth Galaxy: Defending Your Organization from OAuth Application Attacks	Shruti Ranjit, Mangatas Tondang	#blueteam #oauth #application-pentesting+4
2024-09-20	Talk	44con	Unveiling the ghosts of mobile networks: When will old bugs die?	Altaf Shaik	#5g #authentication #encryption+3
2024-08-08	Tool demo	Blackhat	Active Directory Cyber Deception using Huginn	Rohan Durve, Paul Laine	#active-directory #incident-management #identity-governance+3
2024-04-18	Talk	Blackhat	Breaking Managed Identity Barriers In Azure Services	Nitesh Surana, David Fiser	#azure #cloud-pentesting #access-management+3
2023-09-28	Talk	Hackinparis	How to have visibility and security OF CICD ecosystem	Pramod Rana	#cicd-security #devsecops #architecture+4
2023-09-28	Talk	Rootcon	Azure Illuminati: Unveiling the Mysteries of Cloud Exploitation	Raunak Parmar	#azure #cloud-pentesting #mfa+4
2023-08-11	Tool demo	Defcon	vAPI : Vulnerable Adversely Programmed Interface	Tushar Kulkarni	#api-security #owasp #authorization
2023-08-10	Tool demo	Blackhat	vAPI: Vulnerable Adversely Programmed Interface	Tushar Kulkarni	#api-security #authorization #security-testing+3
2023-08-06	Talk	C0c0n	A Secure Privacy-Preserving Lightweight Authentication Scheme for Internet of Medical Things	Panchami V, Mahima Mary Mathews	#authentication #data-protection #embedded-security
2023-06-01	Talk	Securityfest	Beyond On-Premises: Exploring the Post-Domain Admin Landscape in the Cloud	Sriraam Natarajan, Venkatraman Kumar	#red-teaming #azure #active-directory+2
2023-05-12	Talk	Blackhat	Abusing Azure Active Directory: From MFA Bypass to Listing Global Administrators	Sravan Akkaram, Nestori Syynimaa	#azure #identity-governance #access-management+1
2023-05-12	Tool demo	Blackhat	GCPGoat : A Damn Vulnerable GCP Infrastructure	Shantanu Kale, Rishappreet Singh Moonga, Ravi Verma, Govind Krishna	#gcp #cloud-pentesting #cloud-workload-protection+4
2022-09-29	Talk	Brucon	0wn-premises: Bypassing Microsoft Defender for Identity	Nikhil Mittal	#red-teaming #active-directory #threat-detection
2022-09-24	Talk	C0c0n	Know Your Organization? : Mapping Entities in Google Workspace	Manish Gupta, Yash Bharadwaj	#gcp #identity-management #access-management+1
2022-09-06	Panel	Nullcon	PAM Maturity From Zero Trust To Least Privilege	Ajay Bongirwar, Charanjit Bhatia, Bala Ramanan	#security-strategy #zero-trust #access-management+2
2022-08-10	Talk	Blackhat	Attacks From a New Front Door in 4G & 5G Mobile Networks	Altaf Shaik, Shinjo Park, Matteo Strada	#api-security #access-management #identity-theft+4
2022-04-08	Panel	Nullcon	Digital Identity In The Age Of Fintech	Sheetal Joseph, Alessandro Avagliano, Guido Reismueller, Benoit Flippen, Travis Carelock	#identity-management #access-management #authentication+4
2021-11-13	Talk	C0c0n	Enhancing An Multi-Factor Authentication (MFA) through Behavioural Biometrics	Kiran Kumar Pg	#authentication #mfa #architecture
2021-11-13	Talk	C0c0n	Exploiting 2A(Authentication and Authorization) Vulnerabilities of Web Application	Gayatri Nayak	#web-security #authentication #authorization+2
2021-11-04	Talk	Ekoparty	DIAL: Did I just alert Lambda? A centralized security misconfiguration detection system	Saransh Rana, Divyanshu Mehta, Harsh Varagiya	#aws #security-monitoring #iam+1
2020-09-18	Talk	C0c0n	Broken Cryptography & Account Takeover	Harsh Bothra	#encryption #ssl #security-testing+2
2020-08-07	Panel	Defcon	D0 N0 H4RM: A Healthcare Security Conversation	Vidha Murthy, Christian Dameff, Jeff Tully, Jessica Wilkerson, Veronica Schmitt, Ash Luft	#data-protection #identity-management #security-training+3
2020-08-06	Tool demo	Blackhat	Dynamic Labs: Windows & Active Directory Exploitation	Rohan Durve	#windows #active-directory #security-training
2019-12-04	Talk	Blackhat	Bring Your Own Token (BYOT) to Replace the Traditional Smartcards for Strong Authentication and Signing	Karthik Ramasamy, Eric Hampshire	#blueteam #smartcard #mfa+4
2019-09-28	Talk	Romhack	Oh! Auth: Implementation pitfalls of OAuth 2.0 & the Auth Providers who have fell in it	Samit Anwer	#oauth #phishing #csrf+2
2019-09-27	Talk	C0c0n	Stepping into Password Less Economy	Ajit Hatti	#authentication #identity-management #secure-development+1
2019-09-23	Talk	Rootcon	Identity crisis: war stories from authentication failures	Vishal Chauhan	#authentication #identity-management #vulnerability-assessment+3
2019-08-10	Talk	Defcon	RACE - Minimal Rights and ACE for Active Directory Dominance	Nikhil Mittal	#active-directory #red-teaming #windows
2019-08-08	Talk	Blackhat	Preventing Authentication Bypass: A Tale of Two Researchers	Ravi Jaiswal, Terry Zhang, Ron Chan	#security-development-lifecycle #identity-management #authentication+4
2019-05-28	Talk	Securityfest	Oh! Auth: Implementation pitfalls of OAuth 2.0 & the Auth Providers who have fell in it	Samit Anwer	#web-security #iam #appsec
2018-10-10	Talk	Brucon	Forging Trusts for Deception in Active Directory	Nikhil Mittal	#windows #active-directory #red-teaming
2018-10-04	Talk	Confidence	Hacking 50 Million users using 123456	Aman Sachdev, Himanshu Sharma	#web-security #authentication #ethical-hacking+2
2018-08-12	Talk	Defcon	Last mile authentication problem: Exploiting the missing link in end-to-end secure communication	Siddharth Rao, Thanh Bui	#encryption #authentication #ipc+1
2018-08-11	Tool demo	Defcon	ADRecon: Active Directory Recon	Prashant Mahajan	#active-directory #windows #reconnaissance+1
2018-08-09	Talk	Blackhat	Two-Factor Authentication, Usable or Not? A Two-Phase Usability Study of the FIDO U2F Security Key	Sanchari Das, Andrew C Dingman, Gianpaolo Russo, L Jean Camp	#two-factor-authentication
2018-08-08	Tool demo	Blackhat	ADRecon: Active Directory Recon	Prashant Mahajan	#active-directory #windows #reconnaissance+1
2018-05-30	Talk	Auscert	How to Bypass Authentication & Authorization	Sarwar Jahan	#authentication #authorization #web-security+1
2018-03-22	Tool demo	Blackhat	ADRecon: Active Directory Recon	Prashant Mahajan	#active-directory #windows #reconnaissance+1
2017-09-13	Talk	44con	Red Team Revenge : Attacking Microsoft ATA	Nikhil Mittal	#windows #red-teaming #active-directory+4
2017-08-19	Talk	C0c0n	Trust, the foundation of Digital Mastery	Sunil Varkey	#identity-management #authentication #risk-management+2
2017-07-27	Talk	Blackhat	Evading Microsoft ATA for Active Directory Domination	Nikhil Mittal	#active-directory #red-teaming #security-assessment+1
2017-04-19	Talk	Brucon	Evading Microsoft ATA for Active Directory Domination	Nikhil Mittal	#active-directory #red-teaming #windows
2017-03-03	Talk	Nullcon	Case Study on RFID (proximity cards) hacking	Sarwar Jahan, Ashwath Kumar	#rfid #red-teaming #hardware-embedded+4
2016-08-19	Talk	C0c0n	Kill the password - A new era of authentication	Tamaghna Basu	#authentication #iam #architecture+1
2015-11-05	Talk	Groundzerosummit	Authentication flaw in Automatic Bank Passbook printing machine.	Indrajeet Bhuyan	#authentication #identity-management #application-pentesting+3
2015-10-25	Talk	Toorcon	PixelCAPTCHA – A Unicode Based CAPTCHA Scheme	Gursev Singh Kalra	#web-security #authentication #bypassing
2015-01-27	Talk	Owaspappseccalifornia	The Emperor’s New Password Manager: Security Analysis of Web-based Password Managers	Devdatta Akhawe	#web-security #xss #csrf+2
2014-03-18	Talk	Troopers	Evolution of SIM Card Security	Ravishankar Borgaonkar	#3gpp #gsma #embedded-systems+4
2014-02-14	Talk	Nullcon	o’Dea Assertions - Untwining the Security of the SAML Protocol	Achin Kulshrestha	#authentication #saml #sso+2
2013-03-01	Talk	Nullcon	Inception of graphical passwords	Rishi Narang	#authentication #application-pentesting #secure-development+3
2012-09-26	Talk	Nullcon	How secure is internet banking in India	Ajit Hatti	#web-security #authentication #financial-institutions+1
2012-03-15	Talk	Grrcon	SCADA Security: Why is it so hard?	Amol Sarwate	#scada #ics-security #authentication+2
2012-03-02	Award		CAPTCHA Re-Riding Attack	Gursev Singh Kalra	#web-security #bypassing #authentication
2011-11-17	Award		CAPTCHA Hax With TesserCap	Gursev Singh Kalra	#web-security #bypassing #authentication
2011-10-07	Talk	C0c0n	Password Less Authentication, Authorization	Srikar Sagi	#authentication #authorization #iam
2011-02-25	Talk	Nullcon	Protect infrastructure or protect information – Lessons from Wikileaks	Vishal Gupta	#data-leak #blueteam #data-protection+2
2009-12-04	Talk	Clubhack	Facilitate Collaboration with Information Rights Management	Abhijit Tannu	#information-rights-management #data-protection #application-hardening+4

🧪 Experimental Feature

🪪 Identity & Access Management

Top Contributors

Related Tags (12)

All Entries (63 total, sorted by date)