Dan Abramov
Dan Abramov is a security researcher at Token, specializing in Non-Human Identity (NHI) security. With a rich background in both offensive and defensive cybersecurity, Dan spent five years in Unit 8200. Following his service, he worked for two years at Mitiga as an incident responder, focusing on Cloud native attacks and defense mechanisms. Dan plays the piano and Saxophone, is a great dancer and loves any kind of sports.
Session
Knowing who are the owners of identities is crucial for proper identity management and incident response. However, As IAM is increasingly being managed in infrastructure-as-code frameworks, it is becoming harder to answer questions of identity ownership. Platform audit logs (e.g. CloudTrail, Entra ID audit logs) are no longer enough to identify who were the human users that created or managed specific identities.
In this talk, we will share our experience in tackling the challenge of unraveling IaC-based ownership, utilizing data sources such as IaC codebases and CI/CD logs, using static code analysis, heuristics and LLMs.