TTPwire Vol. 1 · MITRE ATT&CK · Tagged


PortSwigger Research

SAML roulette: the hacker always wins

2025-03-18

ATT&CK techniques detected

2 predictions
T1606.002 SAML Tokens
52%
“’ s syntax, causing the xml comment to be processed and resulting in an entirely different node. my highly skilled colleague, zak, refined this mutation into a more streamlined and effective attack vector : this vector allowed exploitation of gitlab and any other application usin…”
T1588.006 Vulnerabilities
33%
“saml roulette : the hacker always wins research academy my account customers about blog careers legal contact resellers attack surface visibility improve security posture, prioritize manual testing, free up time. ci - driven scanning more proactive security - find and fix vulnera…”

Summary

Introduction

In this post, we’ll show precisely how to chain round-trip attacks and namespace confusion to achieve unauthenticated admin access on GitLab Enterprise by exploiting the ruby-saml library