5 matches found
New Silver SAML Attack Evades Golden SAML Defenses in Identity Systems
Cybersecurity researchers have disclosed a new attack technique called Silver SAML that can be successful even in cases where mitigations have been applied against Golden SAML attacks. Silver SAML "enables the exploitation of SAML to launch attacks from an identity provider like Entra ID against...
Mitigation of Supply Chain Risks in Microsoft 365
In this blog we review five attack techniques exploited to compromise MS 365 tenants. Qualys SaaS Detection & Response can be used by both IT and security teams to assess these threats, and then to fix common misconfigurations, hardening supply chain defenses. Last October, news of Microsoft 365 ...
SVR Attacks on Microsoft 365
FireEye is reporting the current known tactics that the SVR used to compromise Microsoft 365 cloud data as part of its SolarWinds operation: Mandiant has observed UNC2452 and other threat actors moving laterally to the Microsoft 365 cloud using a combination of four primary techniques: Steal the...
shimit - A tool that implements the Golden SAML attack
shimit is a python tool that implements the Golden SAML attack. More informations on this can be found in the following article on our blog. python .\shimit.py -h usage: shimit.py -h -pk KEY -c CERT -sp SP -idp IDP -u USER -reg REGION --SessionValidity SESSIONVALIDITY --SamlValidity SAMLVALIDITY ...
SAML Post-Intrusion Attack Mirrors ‘Golden Ticket’
Researchers at CyberArk Labs have created a post-intrusion attack technique known as a Golden SAML that could allow an attacker to fake enterprise user identities and forge authentication to gain access to valuable cloud resources in a federation environment. “Using this post-exploit technique,...