3 Videos for SAML: Known Key

PRO Tier | Medium | 1-2 Hrs. | 500
SAML IV: Introduction

In this video, we provide an introduction to the SAML IV challenge, part of the authentication and authorization badge. We discuss how SAMLResponses are signed with a private key and how default keys and certificates can be exploited to tamper with these responses.

Video duration: 01:42. Views: 571.

 

SAML IV: Finding the private key by using the certificate in a SAMLResponse

In this video, we explore the SAML IV challenge from the authentication and authorization badge. We demonstrate how to extract a certificate from a SAML Response and determine if the application uses a default certificate and private key to sign the response.

Video duration: 05:16. Views: 878.

 

SAML IV: Exploitation with SAML Raider

In this video, we cover the exploitation of SAML vulnerabilities using SAML Raider. We demonstrate how to use Burp Suite and SAML Raider to manipulate SAML assertions and gain unauthorized access.

Video duration: 02:42. Views: 713.