[Dailydave] Cicadas

Christian Heinrich christian.heinrich at cmlh.id.au
Thu Sep 10 18:27:09 EDT 2015


Dave,

Active Directory is the authentication standard with Microsoft Azure
(of course) and can be federated with Amazon Web Services i.e.
http://blogs.aws.amazon.com/security/post/Tx71TWXXJ3UI14/Enabling-Federation-to-AWS-using-Windows-Active-Directory-ADFS-and-SAML-2-0

After authentication, the SAML "binding" protocol does not enforce a
secure communications channel and can therefore be transmitted over
HTTP.

On Fri, Sep 11, 2015 at 4:48 AM,  <dmaynor at gmail.com> wrote:
> Dave,
> Active Directory has long been my favorite target because of the power a
> Domain Admin wields combined with the odds and ends that get integrated
> means any bug can be devastating
>
> The "cloud" has been making vast inroads in Enterprise customer bases. I
> find companies that have started post 2010 that are large enough to require
> pen tests favor the out sourced infrastructure.
>
> Alas AD is becoming less important and Microsoft might come out ahead on the
> technical debt because the pushed the can down the road far enough to where
> they are no longer as important.
>
> DaveM
>
>
> On Sep 10, 2015, at 13:17, Dave Aitel <dave at immunityinc.com> wrote:
>
> Yagate shinu
>   Keshiki wa miezu
>       Semi no koe
>       - Basho
>
> I updated my SILICA this morning while making pancakes for the kids, as you
> do, and of course, all around me looked about with new eyes. I have a new
> mesh network that a friend installed in my house and it's interesting to see
> what it looks like to a wireless hacker. If you haven't seen the new SILICA
> video it is here: https://vimeo.com/136964755
>
> There's this sense that hackers get which is divorced from what is in Wired
> or Business Insider or BlackHat which is "Works in the Wild".  It's a
> palpable thing, that sets priorities like a hot oil such that you can tell
> who has "Gone Active", as they say, from their recoiling from various
> technologies. One technology that is currently on the hot plate is Active
> Directory. You can see from talks even at DefCon that people are looking at
> WMI as a persistence mechanism in the wild. And the Microsoft talk from
> INFILTRATE 2014 went over a whole methodology for attacking Active Directory
> networks that dragged public discussion of the techniques into the modern
> age. For decades AD has been a disaster from a security perspective - by
> design - and now all that technical debt is coming due like a storm of
> cicadas chirping their last song.
>
> -dave
>
>
>
>
>
> _______________________________________________
> Dailydave mailing list
> Dailydave at lists.immunityinc.com
> https://lists.immunityinc.com/mailman/listinfo/dailydave
>
>
> _______________________________________________
> Dailydave mailing list
> Dailydave at lists.immunityinc.com
> https://lists.immunityinc.com/mailman/listinfo/dailydave
>



-- 
Regards,
Christian Heinrich

http://cmlh.id.au/contact


More information about the Dailydave mailing list