3 Videos for SAML: Known Key

Access to videos for this exercise is only available with PentesterLab PRO
SAML IV: Introduction
In this video, we provide an introduction to the SAML IV challenge, part of the authentication and authorization badge. We discuss how SAMLResponses are signed with a private key and how default keys and certificates can be exploited to tamper with these responses.

SAML IV: Finding the private key by using the certificate in a SAMLResponse
In this video, we explore the SAML IV challenge from the authentication and authorization badge. We demonstrate how to extract a certificate from a SAML Response and determine if the application uses a default certificate and private key to sign the response.

SAML IV: Exploitation with SAML Raider
In this video, we cover the exploitation of SAML vulnerabilities using SAML Raider. We demonstrate how to use Burp Suite and SAML Raider to manipulate SAML assertions and gain unauthorized access.