Recording of my SO-CON 2026 talk, co-presented with Lance Cain:

Security specialists and end users appreciate the convenience of single sign-on (SSO) technologies like Okta. Unfortunately, attackers do too. We will explore how compromised human or machine identities can lead to hybrid attack paths that begin in Active Directory, move through Okta, and reach critical assets such as Git repositories, CI/CD pipelines, cloud storage, or enterprise password managers. We will also demonstrate how adversaries can deliver payloads to macOS devices by leveraging Okta and third-party MDMs.

SO-CON 2026 slide deck