I Am AD FS and So Can You - Attacking Active Directory Federated Services
Offered By: WEareTROOPERS via YouTube
Course Description
Overview
Explore the intricacies of Active Directory Federated Services (AD FS) and its potential vulnerabilities in this comprehensive conference talk. Delve into the building blocks of AD FS, including claims pipelines, security tokens, and assertions. Learn about identity providers, adapters, and techniques for locating AD FS proxies. Discover methods to target weak links and adapt attack strategies. Gain insights into the Windows Internal Database (WID) and techniques for locating and decrypting sensitive information. Examine tools like ADFSDump and ADFSpoof, and understand their implications. Conclude with best practices for mitigation and appropriate incident response strategies to enhance AD FS security.
Syllabus
Intro
Roadmap
Doug Bienstock - @doughsec
Austin Baker - @bakedsec
Active Directory Federated Services
Building Blocks - Claims Pipeline
Building Blocks - Security Tokens
Building Blocks - claims to assertions
Building blocks - the RP
Identity Providers and Adapters
Finding AD FS Proxies
Target the Weak Links
Adapt or die
Windows Internal Database (WID)
Locating the goods
Decrypting the SigningToken
Key Derivation
Key Decryption
ADFSDump
ADFSpoof
Best Practices and Mitigations
Responding Appropriately
Taught by
WEareTROOPERS
Related Courses
Raccoon Attack - Finding and Exploiting Most-Significant-Bit-Oracles in TLS-DH(E)TheIACR via YouTube Applied Cryptography and Trust - Hashing
Bill Buchanan OBE via YouTube Golang and Cryptography - Part 1
Bill Buchanan OBE via YouTube Secure Channels - Building Real World Crypto Systems
BruCON Security Conference via YouTube What We've Learned with Two-Secret Key Derivation
BSidesLV via YouTube