CHCon 2023

One Trust, Zero Trust, Red Trust, Blue Trust
2023-11-25 , Ngaio Marsh Theatre

In this talk, we'll explore some novel techniques you can use to break and bypass zero trust security controls. We aim to share with you actionable techniques we've explored, orchestrated or defended against in the wild. This goes beyond the basics but looks at thinking outside the box to exploit flaws in how these networks are designed. These networks are often architected to be perfect, but they rarely end up that way due to business needs. We'll share common flaws we've seen in how they are built and how to exploit them as a part of operation.

This should help red teamers explore new potential attack surfaces and confidently target zero trust networks without resorting to malware for initial access in every operation. There'll also be some valuable pointers to fend off common mistakes we see when building out these networks, so there will also be some helpful info for the blue teamers.

Kane is a technical engineering manager with an unwavering passion for all things zero trust. With over a decade of experience in building (and breaking) corporate networks. Kane dabbled in the realms of IT and DFIR before going on to lead the enterprise security teams at companies like Atlassian, Shopify, and now Canva.

Clancy, a senior red team engineer at Atlassian, began his journey as a detection engineer before transitioning to offensive security. Throughout his tenure, he has orchestrated numerous successful operations aimed at simulating adversarial behaviour and enhancing Atlassian's overall security posture.