Security BSides London, the UK’s biggest community-driven infosec conference, is happy to announce its 8th iteration, open to all regardless of background, skill level, income or job title.
  • Doors to the main event open at 8.30am with talks starting at 9am on 5 June 2019
  • Workshops will be held on 4 June 2018 starting at 10am; pre-registration is required
Please remember that Security BSides London has a strict code of conduct available here
Wednesday, June 5 • 15:05 - 15:20
The Keymaker

The Keymaker - a tool for creating access tokens for Service Providers using a stolen ADFS signing certificate and private key. Although the idea and methodology have been around for a while, there is limited previous work related to obtaining certificates and keys and signing requests with them.

Organizations are increasingly moving into the cloud. If we can obtain ADFS signing keys, we can sign our own requests to Service Providers and get unrestricted access to the services. In the case of Amazon Web Services, we can even assign ourselves any role in the request. This also gives us persistence, as we don’t need to be on the network if we want to access emails, SharePoint, etc.

The Keymaker is a Python server which will run locally on our machine. Instead of making a request to the Identity Provider, The Keymaker will capture the forwarded request and sign it without any interaction from the Identity Provider.

I will briefly go through what ADFS is, what processes are involved in getting access tokens and why we are interested in them. I will show an example of access tokens and a small demo of the tool, with a couple of notes on possible mitigation.

Speakers
Maksims Luferovs

Max specialises in Red Teaming and Pen Testing at KPMG. He is involved in security research of recent breaches, vulnerabilities and exploits. In his free time he likes participating in CTFs and coding challenges.


Wednesday June 5, 2019 15:05 - 15:20
Rookie Track, ILEC Conference Centre, 47 Lillie Road, London SW6 1UD