In this session we talk about Salesloft Drift and the implications of OAuth based attacks. Companies use Drift with Salesloft to automate lead capture + sales workflows into Salesforce.com. Enter Nation State threat actor UNC6395, who was able to steal the tokens and gain a backdoor into Salesforce via these OAuth tokens. 

We then dive into the Evolution of Cloud Based Attacks, where threat actors like Storm-0501 are moving away from noisy, on-prem encryption and pivoting to the cloud—where exfiltration, data destruction, and extortion can all happen without dropping a single payload. Add to that the rise of extortion-only campaigns, and we’re looking at an evolution that defenders need to understand right now.

Special guests:

MacKenzie Brown, VP of APG at Blackpoint

Charles Buck, Founder and CTO of SaaS Alerts

Chris Loehr, DFIR Exerpt

Phyllis Lee, VP of Content at CIS