Monday, October 30 • 2:15pm - 3:00pm
Credential Sharing as a Service: the Dark Side of No Code

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Feedback form is now closed.
Why focus on heavily guarded crown jewels when you can dominate an organization through its shadow IT?
Low-Code applications have become a reality in the enterprise, with surveys showing that most enterprise apps are now built outside of IT, with lacking security practices. Unsurprisingly, attackers have figured out ways to leverage these platforms for their gain.

In this talk, we demonstrate a host of attack techniques found in the wild, where enterprise No-Code platforms are leveraged and abused for every step in the cyber killchain. You will learn how attackers perform an account takeover by making the user simply click a link, move laterally and escalate privileges with zero network traffic, leave behind an untraceable backdoor, and automate data exfiltration, to name a few capabilities. All capabilities will be demonstrated with POCs, and their source code will be shared.

avatar for Michael Bargury

Michael Bargury

Co-Founder and CTO, Zenity
Michael Bargury is a security researcher passionate about all things related to cloud, SaaS and low-code security, and spends his time finding ways they could go wrong. He is the Co-Founder and CTO of Zenity, where he helps companies secure their low-code/no-code apps. In the past... Read More →

Monday October 30, 2023 2:15pm - 3:00pm EDT
Room: Independence Ballroom A-E