Dailydave mailing list archives

Re: Why people aren't stealing ADFS secrets?


From: James Pleger <jpleger () gmail com>
Date: Wed, 27 Sep 2017 19:12:36 -0700

I'm not holding out much hope on the OneLogin side; the breach they had earlier this year sounded really bad. Maybe that event woke up the other identity providers though.

http://www.zdnet.com/article/onelogin-security-chief-new-details-data-breach/

On Sep 27, 2017, at 13:14, Kyle Creyts <kyle.creyts () gmail com> wrote:

Or other SAML IDP private keys. ADFS is good, but stealing them from IDP vendors might be much more efficient, and open many more doors. One hopes that Google, OneLogin, Okta, and friends all do the needful to compartment and protect these private keys.

On Wed, Sep 27, 2017 at 1:00 PM Konrads Smelkovs <konrads.smelkovs () gmail com> wrote:

I was thinking about long term persistence and clearly, it would make a lot of sense to steal the private key of the ADFS certificate that is used to authenticate SAML claims. Anyone seen it done?


--
Konrads Smelkovs
Applied IT sorcery.
_______________________________________________
Dailydave mailing list
Dailydave () lists immunityinc com
https://lists.immunityinc.com/mailman/listinfo/dailydave

-- 
Kyle Creyts