The invisible key: Securing the new attack vector of OAuth tokens

UB5.132 | Day 1 | 14:00 - 14:25 | Speakers: Gianluca Varisco

[Placeholder video image: a picture of a devroom at FOSDEM 2024]

Notes

Abstract

OAuth tokens are the new crown jewels. Once issued, they bypass MFA and give API-level access that is hard to monitor. The opaque nature of their use and the difficulty in monitoring their activity create a dangerous blind spot for security teams, making them a primary target for attackers. This presentation will delve into the lifecycle of OAuth tokens, explore real-world attack vectors, and provide actionable strategies for protecting these high-value assets. We will also review the tactics, techniques, and procedures (TTPs) of notorious gangs like ShinyHunters and Scattered Spider, as demonstrated in the 2025 Salesforce attacks.


Notice: The placeholder video image is licensed under CC BY-SA 4.0. The original image can be found here. Changes made to the image: it was cropped to a new ratio, so part of the image was cut off.