[Dailydave] Why people aren't stealing ADFS secrets?
Kyle Creyts
kyle.creyts at gmail.com
Wed Sep 27 20:14:27 UTC 2017
Or other SAML IDP private keys. ADFS is good, but stealing them from IDP
vendors might be much more efficient, and open many more doors. One hopes
that Google, OneLogin, Okta, and friends all do the needful to compartment
and protect these private keys.
On Wed, Sep 27, 2017 at 1:00 PM Konrads Smelkovs <konrads.smelkovs at gmail.com>
wrote:
>
> I was thinking about long term persistence and clearly, it would make a
> lot of sense to steal the private key of the ADFS certificate that is used
> to authenticate SAML claims. Anyone seen it done?
>
>
> --
> Konrads Smelkovs
> Applied IT sorcery.
> _______________________________________________
> Dailydave mailing list
> Dailydave at lists.immunityinc.com
> https://lists.immunityinc.com/mailman/listinfo/dailydave
>
--
Kyle Creyts
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.immunityinc.com/pipermail/dailydave/attachments/20170927/e972bd40/attachment-0001.html>
More information about the Dailydave
mailing list