MagicWeb: NOBELIUM’s post-compromise trick to authenticate as anyone

Updated August 26, 2022: Added instructions to enable collection of AD FS event logs in order to search for Event ID 501, and added a new resource for AD FS audit logging in Microsoft Sentinel. Microsoft security researchers have discovered a post-compromise capability we’re calling MagicWeb, whi...

Microsoft Active Directory Federated Services (ADFS) User Enumeration

Credits: Joshua Platz aka Binary1985 + CVE ID: Requested + Website: https://github.com/binary1985 + Source: https://raw.githubusercontent.com/binary1985/VulnerabilityDisclosure/master/ADFS-Timing-Attack Vendor: ========================== http://www.microsoft.com Product: =========== Active...