April 2023

Single Sign On Security

SAML Shenanigans

March 2023 – With single sign-on becoming more common during our assessments, we cover one of the vulnerabilities we discovered during an engagement that let us forge SAML responses to escalate privileges in a web application.

Subdomain Takeovers

A subdomain takeover occurs when an attacker abuses dangling DNS aliases for cloud services to host their own content on an organisation’s subdomain. This content could consist of phishing pages, malware or anything else that could be used to compromise sensitive data.