Eliav Livneh
Eliav Livneh is a cybersecurity expert with over twelve years of defensive and offensive security experience. He is a founding researcher at Token, specializing in identity security. Prior to Token, Livneh spent five years in the elite 8200 unit of the Israel Defense Forces' Intelligence Corps, and four years as a founding researcher at Hunters, focusing on AWS threat detection and response. Livneh has a piano cover channel on YouTube, enjoys cycling, and is a geoscience enthusiast.
Session
Knowing who are the owners of identities is crucial for proper identity management and incident response. However, As IAM is increasingly being managed in infrastructure-as-code frameworks, it is becoming harder to answer questions of identity ownership. Platform audit logs (e.g. CloudTrail, Entra ID audit logs) are no longer enough to identify who were the human users that created or managed specific identities.
In this talk, we will share our experience in tackling the challenge of unraveling IaC-based ownership, utilizing data sources such as IaC codebases and CI/CD logs, using static code analysis, heuristics and LLMs.