Dave,

Active Directory is the authentication standard with Microsoft Azure (of course) and can be federated with Amazon Web Services i.e. http://blogs.aws.amazon.com/security/post/Tx71TWXXJ3UI14/Enabling-Federation-to-AWS-using-Windows-Active-Directory-ADFS-and-SAML-2-0

After authentication, the SAML "binding" protocol does not enforce a secure communications channel and can therefore be transmitted over HTTP.

On Fri, Sep 11, 2015 at 4:48 AM, <[email protected]> wrote:
> Dave,
> Active Directory has long been my favorite target because of the power a
> Domain Admin wields combined with the odds and ends that get integrated
> means any bug can be devastating
>
> The "cloud" has been making vast inroads in Enterprise customer bases. I
> find companies that have started post 2010 that are large enough to require
> pen tests favor the outsourced infrastructure.
>
> Alas AD is becoming less important and Microsoft might come out ahead on the
> technical debt because they pushed the can down the road far enough to where
> they are no longer as important.
>
> DaveM
>
>
> On Sep 10, 2015, at 13:17, Dave Aitel <[email protected]> wrote:
>
> Yagate shinu
> Keshiki wa miezu
> Semi no koe
> - Basho
>
> I updated my SILICA this morning while making pancakes for the kids, as you
> do, and of course, all around me looked about with new eyes. I have a new
> mesh network that a friend installed in my house and it's interesting to see
> what it looks like to a wireless hacker. If you haven't seen the new SILICA
> video it is here: https://vimeo.com/136964755
>
> There's this sense that hackers get which is divorced from what is in Wired
> or Business Insider or BlackHat which is "Works in the Wild". It's a
> palpable thing, that sets priorities like a hot oil such that you can tell
> who has "Gone Active", as they say, from their recoiling from various
> technologies. One technology that is currently on the hot plate is Active
> Directory. You can see from talks even at DefCon that people are looking at
> WMI as a persistence mechanism in the wild. And the Microsoft talk from
> INFILTRATE 2014 went over a whole methodology for attacking Active Directory
> networks that dragged public discussion of the techniques into the modern
> age.
> For decades AD has been a disaster from a security perspective - by
> design - and now all that technical debt is coming due like a storm of
> cicadas chirping their last song.
>
> -dave
>
> _______________________________________________
> Dailydave mailing list
> [email protected]
> https://lists.immunityinc.com/mailman/listinfo/dailydave

--
Regards,
Christian Heinrich

http://cmlh.id.au/contact
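
The point raised in the reply above, that SAML bindings do not themselves require a secure channel, can be checked from the defender's side. The following is an added example, not part of the original thread: it parses SAML 2.0 metadata and flags endpoints whose URL is not HTTPS. The sample metadata, entity ID and host names are constructed placeholders, and `insecure_endpoints` is a hypothetical helper name.

```python
"""Flag SAML 2.0 metadata endpoints that are not served over HTTPS."""
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

MD_NS = "urn:oasis:names:tc:SAML:2.0:metadata"
# Endpoint elements that carry protocol messages (requests, responses, assertions).
ENDPOINT_TAGS = ("SingleSignOnService", "SingleLogoutService",
                 "AssertionConsumerService", "ArtifactResolutionService")

# Constructed sample metadata; the entity ID and hosts are placeholders.
SAMPLE_METADATA = """\
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
                     entityID="https://sp.example.test/saml">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:SingleLogoutService
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://sp.example.test/saml/slo"/>
    <md:AssertionConsumerService index="0"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="http://sp.example.test/saml/acs"/>
    <md:AssertionConsumerService index="1"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://sp.example.test/saml/acs"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>
"""

def insecure_endpoints(metadata_xml):
    """Return (element, binding, url) for every endpoint URL that is not HTTPS."""
    # ElementTree is not hardened against malicious XML: feed it only
    # metadata obtained from a source you already trust.
    root = ET.fromstring(metadata_xml)
    findings = []
    for tag in ENDPOINT_TAGS:
        for ep in root.iter(f"{{{MD_NS}}}{tag}"):
            # ResponseLocation is the optional second URL on an endpoint.
            for attr in ("Location", "ResponseLocation"):
                url = ep.get(attr)
                if url and urlsplit(url.strip()).scheme.lower() != "https":
                    binding = ep.get("Binding", "").rsplit(":", 1)[-1]
                    findings.append((tag, binding, url))
    return findings

if __name__ == "__main__":
    for tag, binding, url in insecure_endpoints(SAMPLE_METADATA):
        print(f"[!] {tag} ({binding}) is reachable over a non-TLS URL: {url}")
```

Run against the metadata an IdP or SP actually publishes, an empty result means every declared endpoint is HTTPS; it says nothing about endpoints that are not listed in the metadata.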
