Discussion:
[Dailydave] Why people aren't stealing ADFS secrets?
Konrads Smelkovs
2017-09-27 18:17:04 UTC
I was thinking about long term persistence and clearly, it would make a lot
of sense to steal the private key of the ADFS certificate that is used to
authenticate SAML claims. Anyone seen it done?


--
Konrads Smelkovs
Applied IT sorcery.
Kyle Creyts
2017-09-27 20:14:27 UTC
Or other SAML IDP private keys. ADFS is good, but stealing them from IDP
vendors might be much more efficient, and open many more doors. One hopes
that Google, OneLogin, Okta, and friends all do the needful to compartment
and protect these private keys.
_______________________________________________
Dailydave mailing list
https://lists.immunityinc.com/mailman/listinfo/dailydave
--
Kyle Creyts
James Pleger
2017-09-28 02:12:36 UTC
I'm not holding out much hope on the OneLogin side; the breach they had earlier this year sounded really bad. Maybe that event woke up the other identity providers though.

http://www.zdnet.com/article/onelogin-security-chief-new-details-data-breach/