Jump to content


Photo

SAML Post-Intrusion Attack Mirrors 'Golden Ticket'


  • Please log in to reply
1 reply to this topic

#1 TheSentinel

TheSentinel

    The man in the dark

  • General Admin
  • 31,812 posts

Posted 25 November 2017 - 04:32 PM

November 24, 2017 , 10:39 am

SAML Post-Intrusion Attack Mirrors 'Golden Ticket'
by Tom Spring
Categories: Cloud Security, Hacks, Web Security    

A proof-of-concept attack demonstrates how adversaries can abuse the Security Assertion Markup Language framework to go unnoticed and assume multiple user identities.

See details about at:
https://threatpost.c...-ticket/128993/

 

 



#2 TheSentinel

TheSentinel

    The man in the dark

  • General Admin
  • 31,812 posts

Posted 28 November 2017 - 03:44 PM

Read in addition please:

 

GOLDEN SAML attack technique forges authentication to cloud apps

Golden SAML could be exploited by an attacker to create fake enterprise identities and access to valuable cloud resources. Security experts at CyberArk Labs have devised a post-intrusion attack technique dubbed Golden SAML that could be exploited by an attacker...

November 25, 2017  By Pierluigi Paganini   Posted In  Breaking News  Digital ID  Hacking  

http://securityaffai...ml-hacking.html