BSides Toronto 2025

Caught in a Web: Exploring a Scattered Spider Attack from a SaaS Perspective
2025-10-05, ENG 103

Join Damien, Threat Researcher at Obsidian Security, as he spins a tale of how the infamous hacker collective known as Scattered Spider wove their way through SaaS to ensnare their prey—all in under 24 hours.


Scattered Spider has emerged as one of the most notable threats in recent years, unique in both their methods and the speed with which they strike. What sets them apart from other actors is their skill in exploiting human vulnerability, along with their deep knowledge of SaaS platforms like Okta and Microsoft 365.

During my time at Obsidian, I’ve observed several incidents attributed to Scattered Spider and related groups—specifically from the SaaS side—while working alongside our incident response partners. Every case I’ve researched has revealed new tactics, techniques, and tools, deepening my understanding of this evolving threat.

This talk will walk you through one of the more interesting breaches I’ve seen, presented in story format. We’ll explore how they got in, what they did, and the impact on the victim—without putting you to sleep with excessive technical jargon.

Will it be educational? Probably. Will it be entertaining? That’s the goal!

Damien works as a Threat Researcher at Obsidian Security where he specializes in SaaS security and ITDR. He publishes original research and ramblings on his blog, cybercorner.tech, and maintains several projects such as the Osprey PowerShell module and the HoneyTenant CTI project. In his free time you can find him spending time with his flock of birds, making terrible art, or getting into trouble on the internet.