They Skipped the Login Entirely: Detecting the ShinyHunters Attack on PeopleSoft
What This Webinar Is About
No phishing email. No cracked password. No MFA prompt. ShinyHunters chained an unauthenticated zero-day (CVE-2026-35273) straight into Oracle PeopleSoft, harvested credentials, and walked out with the data. Oracle has shipped a patch — but here's the catch: the exploit was never the part MFA was watching, and once they were in, the theft looked perfectly "authenticated" to native monitoring. This is the attack your front door was never built to stop. So we're skipping the front door. Pathlock walks the full attack chain — RCE → credential harvest → SSH → exfiltration — and the controls that actually catch it: IP and admin-access lockdowns, least-privilege guardrails, immutable logging, behavioral analytics, and a live demo of AI-driven investigation. Authentication is one layer. This hour is everything that comes after.
What You Will Learn
- How they got in without a credential — the CVE-2026-35273 chain, and why MFA and SSO were never in the path
- What to lock down now — block the confirmed attacker IPs, restrict admin access to trusted networks, rotate exposed service accounts
- How detective controls, immutable logging, and behavioral analytics surface the activity native PeopleSoft monitoring misses
- A live demo of threat detection and incident investigation in PeopleSoft
- How AI-assisted investigation speeds response and audit readiness after an incident