PTA is one of three authentication options for hybrid identities in Azure AD, alongside password-hash synchronisation (PHS) and identity federation.

It is considered a good option for organisations that cannot or do not wish to synchronise password hashes to the cloud, and, ironically given the findings below, for those that want stronger authentication controls. Compared with identity federation, which is usually implemented with Active Directory Federation Services (AD FS), PTA is often held to be the more secure choice; AD FS was notably abused in the SolarWinds attack.

PTA works by installing agents on on-premises servers, up to a maximum of 40 per tenant.

When a user signs in to a service that uses the Azure AD identity platform, such as Microsoft 365, and supplies their credentials, Azure AD encrypts those credentials and sends an authentication request to one of the agents. The agent decrypts the credentials with its private key, validates them against the on-premises Active Directory and returns the result to Azure AD, which then completes or rejects the user's sign-in.

However, the Secureworks Counter Threat Unit (CTU) research team has now demonstrated a working proof of concept (PoC) for an exploit that, if left unchecked, lets a threat actor abuse weaknesses in the PTA agent's installation process to steal the agent's identity by exporting the certificate the agent uses for certificate-based authentication (CBA) to Azure AD.

With this certificate in hand, a threat actor can perform a number of malicious actions, as the CTU team explained in its disclosure notice.

"The compromised certificate can be used with the attacker-controlled PTA agent to create an undetectable backdoor, allowing threat actors to log in using invalid passwords, gather credentials and perform remote denial of service attacks," said the team. "Attackers can renew the certificate when it expires to maintain persistence in the network for years. A compromised certificate cannot be revoked by an organisation's administrators."
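The attack described above hinges on the agent's private key being exportable from the server that runs it. The following PowerShell script is an added example, not code from the article, from Microsoft or from the CTU disclosure: run on a server hosting a PTA agent, it lists every certificate in the local machine store that has a private key and reports whether that key is marked exportable, for both CNG- and legacy CSP-backed keys. It assumes the agent's certificate is held in `Cert:\LocalMachine\My`; the article does not state where the certificate is stored, so adjust `$Store` if your deployment differs.

```powershell
# Added hardening check (not from the article or the CTU disclosure).
# Lists LocalMachine\My certificates with a private key and whether that key
# is exportable, which is the property the described certificate theft relies on.
# Assumption: the PTA agent's certificate is in Cert:\LocalMachine\My.
$Store = 'Cert:\LocalMachine\My'

Get-ChildItem -Path $Store | Where-Object { $_.HasPrivateKey } | ForEach-Object {
    $cert = $_
    $exportable = 'unknown'
    try {
        # Works for both CNG (RSACng) and legacy CAPI (RSACryptoServiceProvider) keys.
        $rsa = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPrivateKey($cert)
        if ($rsa -is [System.Security.Cryptography.RSACng]) {
            $policy = $rsa.Key.ExportPolicy
            $exportable = $policy.HasFlag([System.Security.Cryptography.CngExportPolicies]::AllowExport) -or
                          $policy.HasFlag([System.Security.Cryptography.CngExportPolicies]::AllowPlaintextExport)
        } elseif ($rsa -is [System.Security.Cryptography.RSACryptoServiceProvider]) {
            $exportable = $rsa.CspKeyContainerInfo.Exportable
        }
    } catch {
        # Access denied here usually means the key is owned by another account (e.g. the agent's service account).
        $exportable = "error: $($_.Exception.Message)"
    }

    [pscustomobject]@{
        Subject    = $cert.Subject
        Thumbprint = $cert.Thumbprint
        NotAfter   = $cert.NotAfter
        Exportable = $exportable
    }
} | Sort-Object NotAfter | Format-Table -AutoSize
```

Run it in an elevated PowerShell session, since reading machine-store private key metadata needs administrative rights. Treat any `True` row belonging to an agent as exposure to the technique above, but also read `False` with care: a software key that is merely flagged non-exportable can still be extracted by an attacker who already has local administrator rights on the agent server, so the meaningful mitigations are keeping agent servers as tightly controlled as domain controllers and, where the deployment allows it, backing agent keys with a TPM or HSM. Because the disclosure notes a stolen certificate cannot be revoked and can be renewed by the attacker, also reconcile the agents registered in the tenant against your inventory of agent servers on a regular basis.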