The Adversaries leverage the attack surface complexity to their advantage. They look for the shortest and easiest attack path to access high-value targets quickly before they are detected. It is a race of time between the attacker and the defender, during this talk, we gonna explain how the permission default used in many integrations can give advantages to the attackers mainly in Cloud, and how the attacker can use true permission, to escalate privilege in the cloud, explaining differences between Attack Vector vs Attack Path and what would be the shortest path used by the attacker that probably focuses to have the success!.