Exploiting Token-Based Authentication: Attacking—and Defending—Identities
For more than 20 years, token-based authentication has enabled identity verification to service providers (SPs) without sending usernames and passwords over the network. Token-based authentication is based on trust in an identity provider (IdP), which creates tokens to be consumed by SPs. But techniques for exploiting token-based authentication put this trust at risk.
There are at least two types of exploitation techniques: stealing tokens (aka token replay) and forging tokens. MITRE has categorized these attacks as T1134.001 and T1606, respectively. Regardless of the technical implementation of token-based authentication (e.g., Kerberos, SAML, OAuth), the latter technique requires gaining access to the cryptographic secrets in use.
This demo-packed session will cover both attack techniques. You will learn how adversaries conduct token-replay attacks and how to protect against them. You will also learn how adversaries forge tokens to impersonate users and how to detect and prevent such exploitation.
Although attack techniques are provider-agnostic, the live demonstrations in this session will use Microsoft on-premises and cloud identity platforms.