Don't Gamble with Golden SAML

Presented by

Dan Kaiser, Sally Vincent, and Jake Williams

About this talk

On December 8, 2020, FireEye announced that they had been the subject of a cybersecurity incident. Through their investigation, they discovered the SUNBURST backdoor and notified SolarWinds of the issue just four days later. This backdoor gave attackers access to Orion systems on victim networks, and once you gain control of a system like Orion, you have a ticket to ride. And ride they did. The attack compromised victims Office365 email accounts. But how did attackers get from the on-prem Orion systems to the Microsoft cloud? The Golden SAML attack. Golden SAML is a federated attack that steals the private keys of your ADFS server and uses them to forge a SAML token trusted by your Office 365 environment. This allows the attacker to access any O365 resource available to the impersonated user, including their mailbox. In this webinar, Dan Kaiser and Sally Vincent, threat research engineers from the LogRhythm Labs team, will walk through what the Golden SAML attack is and is not, how it works, and how to identify and prevent the attack in your environment. SANS senior instructor, Jake Williams, will join in on the conversation and help answer your questions about supply chain attacks. It's time to stop gambling with threats like Golden SAML. Watch on-demand today to learn how to detect and prevent supply chain attacks from threat research experts.

Related topics:

More from this channel

Upcoming talks (5)
On-demand talks (216)
Subscribers (69613)
LogRhythm helps busy and lean security operations teams save the day—day after day. There’s a lot riding on the shoulders of security professionals—the reputation and success of their company, the safety of citizens and organizations across the globe, the security of critical resources—the weight of protecting the world. LogRhythm helps lighten this load. The company is on the frontlines defending against many of the world’s most significant cyberattacks and empowers security teams to navigate an ever-changing threat landscape with confidence. As allies in the fight, LogRhythm combines a comprehensive and flexible security operations platform, technology partnerships, and advisory services to help SOC teams close the gaps.