Logs don't mean a thing: Unraveling IaC-Managed Identity Ownership
2025-06-30, Room 1

Knowing who owns an identity is crucial for proper identity management and incident response. However, as IAM is increasingly managed through infrastructure-as-code (IaC) frameworks, questions of identity ownership are becoming harder to answer. Platform audit logs (e.g. CloudTrail, Entra ID audit logs) record the pipeline's deployment principal as the actor, so they are no longer enough on their own to identify which human users created or managed a specific identity.

In this talk, we will share our experience in tackling the challenge of unraveling IaC-based ownership, drawing on data sources such as IaC codebases and CI/CD logs and combining static code analysis, heuristics and LLMs.
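To make the problem concrete, here is an added example (not code from the talk or its authors) of the kind of correlation the abstract describes: a CloudTrail-style CreateRole event whose actor is the CI/CD pipeline's assumed role is tied back to a human by joining the role session name to a CI run record, then to the commit and the blame of the Terraform line that names the role. The event, CI run record, Terraform snippet and blame map are all constructed sample data; the session-name convention and field names are assumptions.

```python
import re

# Constructed sample data (not from the talk). A CloudTrail-style CreateRole
# event whose actor is the CI/CD pipeline's assumed role, not a human user.
CLOUDTRAIL_EVENTS = [
    {
        "eventName": "CreateRole",
        "eventTime": "2025-06-01T10:15:00Z",
        "userIdentity": {
            "type": "AssumedRole",
            "arn": "arn:aws:sts::111122223333:assumed-role/ci-deployer/run-4711",
        },
        "requestParameters": {"roleName": "billing-exporter"},
    },
]

# Constructed CI/CD run records, keyed by the role session name the pipeline
# used (assumption: the pipeline names its sessions after the run id).
CI_RUNS = {"run-4711": {"commit": "a1b2c3d", "author": "alice@example.com"}}

# Constructed Terraform source at that commit, with a per-line blame map
# (line number -> last author) as a VCS would report it.
TERRAFORM = '''resource "aws_iam_role" "exporter" {
  name = "billing-exporter"
  assume_role_policy = data.aws_iam_policy_document.assume.json
}'''
BLAME = {1: "bob@example.com", 2: "alice@example.com", 3: "bob@example.com", 4: "bob@example.com"}

def session_name(arn):
    """Extract the role session name from an assumed-role ARN."""
    m = re.search(r":assumed-role/[^/]+/(.+)$", arn)
    return m.group(1) if m else None

def blame_for_role(tf_source, blame, role_name):
    """Return the author of the IaC line that names the given role, if any."""
    pattern = r'name\s*=\s*"%s"' % re.escape(role_name)
    for lineno, line in enumerate(tf_source.splitlines(), start=1):
        if re.search(pattern, line):
            return blame.get(lineno)
    return None

def resolve_owner(event):
    """Map a CreateRole event to a human owner; direct human actors pass through."""
    actor = event["userIdentity"]
    if actor.get("type") != "AssumedRole":
        return {"source": "audit-log", "owner": actor.get("arn"), "commit": None}
    run = CI_RUNS.get(session_name(actor["arn"]), {})
    role = event["requestParameters"]["roleName"]
    # Prefer the blame of the IaC line; fall back to whoever triggered the run.
    owner = blame_for_role(TERRAFORM, BLAME, role) or run.get("author")
    return {"source": "iac", "owner": owner, "commit": run.get("commit")}
```

The fallback to the CI run author matters because blame only points at the last person to edit the line, which may be a formatter or refactoring commit rather than the real owner.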

Dan Abramov is a security researcher at Token, specializing in Non-Human Identity (NHI) security. With a rich background in both offensive and defensive cybersecurity, Dan spent five years in Unit 8200. Following his service, he worked for two years at Mitiga as an incident responder, focusing on cloud-native attacks and defense mechanisms. Dan plays the piano and saxophone, is a great dancer and loves any kind of sports.

Eliav Livneh is a cybersecurity expert with over twelve years of defensive and offensive security experience. He is a founding researcher at Token, specializing in identity security. Prior to Token, Livneh spent five years in the elite 8200 unit of the Israel Defense Forces' Intelligence Corps, and four years as a founding researcher at Hunters, focusing on AWS threat detection and response. Livneh has a piano cover channel on YouTube, enjoys cycling, and is a geoscience enthusiast.