Golden SAML Are The New Golden Tickets

Logo
Presented by

Nathaniel Ford, Moderator, (ISC)² EMEA, Shaked Reiner, CyberArk Labs Researcher

About this talk

In this webinar, we will explore a new attack vector that CyberArk Labs has discovered and dubbed “golden SAML.” The vector enables an attacker to create a golden SAML, which is basically a forged SAML “authentication object,” and authenticate across every service that uses SAML 2.0 protocol as an SSO mechanism. The team from CyberArk Labs will discuss how in a golden SAML attack, attackers can gain access to any application that supports SAML authentication (e.g. Azure, AWS, vSphere, etc.) with any privileges they desire and be any user on the targeted application (even one that is non-existent in the application in some cases). They'll then demonstrate their new tool, shimit, that implements a golden SAML in order to compromise an AWS account from within a Microsoft domain.
Related topics:

More from this channel

Upcoming talks (9)
On-demand talks (393)
Subscribers (92923)
ISC2 Security Briefings EMEA offers members in Europe, the Middle East and Africa a chance to learn about the latest trends, tools and best practices in cyber, information, software and infrastructure security while earning CPEs