The Adversaries leverage the attack surface complexity to their advantage. They look for the shortest and easiest attack path to access high value targets quickly, before they are detected. It is a race of time between the attacker and the defender, during this talk we gonna explain how the permission default used in many integrations can give advantages to the attackers mainly in Cloud such as AWS, OKTA, Azure AD among others explaining differences between Attack Vector vs Attack Path and what would be the shortest path used by the attacker that probably focuses to have the success!.