“the courts often don’t take these offenses seriously”

The title of this post is a quote from Mark Rasch, a former federal prosecutor with the U.S. Justice Department regarding sentencing guidelines that saw an admitted criminal receive a sentence of time served.. Brian Krebs published an article today concerning the sentencing of admitted criminal Peter “Severa” Levashov. In short, Levashov was sentenced to … Continue reading “the courts often don’t take these offenses seriously”

What is Golden SAML?

The Golden SAML threat vector enables an attacker to create a forged SAML “authentication object,” and authenticate across every service that uses SAML 2.0 protocol as an SSO mechanism. In a golden SAML attack, the attacker can gain access to any application that supports SAML authentication (e.g. Azure, AWS, vSphere, etc.) with any privileges they … Continue reading What is Golden SAML?