Cracking the Identity Perimeter: Towards a Unified Access Control Model | SO-CON 2025

Presented by Will Schroeder and Jared Atkinson.

With attackers moving from “cracking the perimeter” to “cracking the identity”, access control for SaaS applications and their interaction with identity directories remain a common blind spot for defenders. Access control systems of individual applications, SaaS providers, and identity providers do NOT exist in isolation: everything is connected, and our focus on securing systems in isolation has allowed for numerous compromises. This talk will discuss our efforts at moving towards a unified identity-based model spanning all access control systems. Along the way we’ll touch on the “clean source principle”, the evolution of “assume breach”, and will argue that the integration of local access graphs with the global directory graph is a better representation of an organization’s risk towards identity-driven attacks. We’ll finish with multiple demos showing the integration of GitHub and Snowflake access control into the BloodHound graph.

Slides: https://github.com/SpecterOps/presentations/tree/main/SO-CON%202025/Jared%20Atkinson%20and%20Will%20Schroeder%20-%20Cracking%20the%20Identity%20Perimeter%20-%20Towards%20a%20Unified%20Access%20Control%20Model

SO-CON: https://specterops.io/so-con

This talk was recorded on Monday, March 31, 2025 at SO-CON 2025.