This presentation breaks down the attack methodology used by ShinyHunters to compromise Salesforce environments at well-known organizations. Participants will see how attackers weaponized legitimate OAuth flows and API integrations to steal sensitive data while remaining virtually invisible to traditional security controls. The session also explains why API-based exfiltration is difficult to detect without specialized monitoring like Vorlon and provides actionable steps teams can implement immediately to protect Salesforce and other SaaS applications.

In this session you will:

• Learn how attackers abuse legitimate authentication flows to target Salesforce
• Understand why most organizations lack sufficient visibility into SaaS API activity
• Explore how continuous monitoring of both human and non-human identities, with focus on OAuth applications, strengthens defense