"Echoes of SolarWinds in New 'Silver SAML' Attack Technique"

In the SolarWinds attack, the threat actor behind it compromised the company's Orion network management product and used it to infiltrate target enterprise networks. The threat actor often used a technique called "Golden SAML" to maintain persistent access to applications and services in that environment. Semperis researchers have recently detailed a new version of the technique dubbed "Silver SAML." Silver SAML, like the original, uses SAML response forgery but does not require the attacker to have access to Active Directory Federation Services (ADFS). This article continues to discuss the Golden SAML and Silver SAML attack techniques.

Dark Reading reports "Echoes of SolarWinds in New 'Silver SAML' Attack Technique"

Submitted by grigby1

Submitted by Gregory Rigby on