The Golden SAML threat vector enables an attacker to create a forged SAML “authentication object,” and authenticate across every service that uses SAML 2.0 protocol as an SSO mechanism. In a golden SAML attack, the attacker can gain access to any application that supports SAML authentication (e.g. Azure, AWS, vSphere, etc.) with any privileges they … Continue reading What is Golden SAML?
I had the fantastic opportunity to have a recorded video chat (a vidcast) with Mike Morris the Global Director of Business Development at Endace recently. Endace is in my mind the market leader when it comes to network packet capture solutions. They have really evolved network packet technology from its roots in open source TCPdump … Continue reading Secure Networks Vidcast with Mike Morris from Endace
Before I was a programmer. Before I was a network expert. Before I was an educator. I was a car guy. Due to all these other things in my life I never got as deep into auto mechanics as others. Reading about and working on my cars has always been a great distraction from Internet … Continue reading Amazingly Great Read: Gates and Ladders
I'm studying for the CISSP exam. Inference and aggregation are means used to take low level or partial information and use that to derive higher level information. Inference requires deduction. The lower level information provides clues. Aggregation is a mathematical or mechanical process. Apply inference and aggregation to safe cracking (or lock picking). Using inference … Continue reading Inference, Aggregation, and Safe Cracking
If you have not read this already I highly recommend Alex Stamos' opinion essay that appeared in the Washington Post on December 15th, 2020. Titled "Enough is enough. Here’s what we should do to defend against the next Russian cyberattacks.", Stamos writes about how poor our response is today and what the United States government … Continue reading Enough Already. Stamos is right.
Looking at the phishing email I received the other day telling me that my PayPal account had been suspended, the next step in my investigation is to determine how it reached my inbox. There are many good resources available that describe manual email header analysis. To start out take a look at this article at … Continue reading Examining PayPal Phishing Email Headers
I received a really authentic looking email message today telling me that my PayPal account had been suspended. Only problem was that the email address the message was sent to doesn't actually have a PayPal account associated with it. But given the effort that must have been taken to undertake this campaign I thought I'd … Continue reading PayPal Phishing…
Hired Cisco 1997. Fired Cisco 2014. Acquired by Cisco 2016. Retired from Cisco 2020. I've learned a lot in these past 23 years. I hope that I can share what I've learned with others and in some small part help to close the digital divide.
I read all the time. I admit that I read less now that I found and use Audible (the Amazon audio book service). While Audible is great the books I chose to read (or re-read) this summer are probably not available there. I recently re-read the Blue Team Field Manual (BTFM) and read the Red … Continue reading Summer Reading 101 – The Blue Team Field Manual
I was recently asked this question... I'm working on a project right now where my team wants to substitute passwords and usernames for biometric authentication. I have expressed my multiple concerns for the security of such a system, but the idea has now come up that we could use a system with at least 2 factors … Continue reading Using Biometrics to Replace Passwords