Episode 46: The SAML Ramble
Critical Thinking - Bug Bounty Podcast23 Nov 2023

Episode 46: The SAML Ramble

Episode 46: In this episode of Critical Thinking - Bug Bounty Podcast, Justin is deep diving the topic of SAML (Security Assertion Markup Language), and walks through what it is and why it can be intimidating, before going over some key attack vectors to look for. Then he closes out with a commentary on a sample payload, and some HackerOne reports.

Follow us on twitter at: @ctbbpodcast

We're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.io

Shoutout to YTCracker for the awesome intro music!

------ Links ------

Follow your hosts Rhynorater & Teknogeek on twitter:

https://twitter.com/0xteknogeek

https://twitter.com/rhynorater

------ Ways to Support CTBBPodcast ------

Sign up for Caido using the referral code CTBBPODCAST for a 10% discount.

KazHACKstan

https://kazhackstan.com/en

Testing SAML security with DAST

https://agrrrdog.blogspot.com/2023/01/testing-saml-security-with-dast.html

How to break SAML if I have paws?

https://speakerdeck.com/greendog/how-to-break-saml-if-i-have-paws?slide=20

How to Hunt Bugs in SAML; a Methodology

https://epi052.gitlab.io/notes-to-self/blog/2019-03-16-how-to-test-saml-a-methodology-part-three/

SAML Raider

https://portswigger.net/bappstore/c61cfa893bb14db4b01775554f7b802e

External Entity Injection during XML signature verification

https://bugs.chromium.org/p/project-zero/issues/detail?id=2313

mTLS: When certificate authentication is done wrong

https://github.blog/2023-08-17-mtls-when-certificate-authentication-is-done-wrong/

HackerOne Uber Report

https://hackerone.com/reports/136169

Timestamps:

(00:00:00) Introduction

(00:05:25) Understanding SAML and its complexities

(00:08:30) SAML Attack Vectors

(00:14:15) XML Signature Wrapping

(00:19:50) Some SAML tests to try

(00:30:30) Sample Payload description

(00:34:10) Token Recipient confusion

(00:36:05) HackerOne Reports

Episoder(161)

Episode 153: Hacking the Robots of the Future: Hardware, AI, and Bug Bounties with Matt Brown

Episode 153: Hacking the Robots of the Future: Hardware, AI, and Bug Bounties with Matt Brown

Episode 153: In this episode of Critical Thinking - Bug Bounty Podcast Matt Brown returns to talk with us about hacking robots, IOT hackbots, and his Zero-to-Hero Hardware Hacking Guide.Follow us on t...

18 Des 20251h 16min

Episode 152: GeminiJack and Agentic Security with Sasi Levi

Episode 152: GeminiJack and Agentic Security with Sasi Levi

Episode 152: In this episode of Critical Thinking - Bug Bounty Podcast we’re joined by Sasi Levi from Noma Security to talk about AI and Agentic Security. We also talk about ForcedLeak, a Google Verte...

11 Des 20251h 21min

Episode 151: Client-side Advanced Topics

Episode 151: Client-side Advanced Topics

Episode 151: In this episode of Critical Thinking - Bug Bounty Podcast we’re covering Client-side advanced topics. Justin talks Joseph (and us) through Third-Party Cookie Nuances, Iframe Tricks, URL P...

4 Des 20251h 7min

Episode 150: ASP.NET MVC Patterns, Popping Oracle Identity, and Esoteric Subdomain Enumeration

Episode 150: ASP.NET MVC Patterns, Popping Oracle Identity, and Esoteric Subdomain Enumeration

Episode 150: In this episode of Critical Thinking - Bug Bounty Podcast we're highlighting some cool news and research, but not before expressing our gratitude to the Hacker community. We are so thankf...

27 Nov 202557min

Episode 149: DEFCON Debrief: AI Vulns, Unicode Weirdness, and Wild Vulnerability Chains

Episode 149: DEFCON Debrief: AI Vulns, Unicode Weirdness, and Wild Vulnerability Chains

Episode 149: In this episode of Critical Thinking - Bug Bounty Podcast The DEFCON videos are up, and Justin and Joseph talk through some of their favorites.Follow us on XGot any ideas and suggestions?...

20 Nov 20251h 2min

Episode 148: MCP Hacking Guide

Episode 148: MCP Hacking Guide

Episode 148: In this episode of Critical Thinking - Bug Bounty Podcast Justin gives us a crash course on Model Context Protocol.Follow us on twitter at: https://x.com/ctbbpodcastGot any ideas and sugg...

13 Nov 202532min

Episode 147: Stupid Simple Hacking Workflow Tips

Episode 147: Stupid Simple Hacking Workflow Tips

Episode 147: In this episode of Critical Thinking - Bug Bounty Podcast we're talking tips and tricks that help us in hacking that we really should’ve learned sooner.Follow us on twitter at: https://x....

6 Nov 202558min

Episode 146: Hacking Horror Stories

Episode 146: Hacking Horror Stories

Episode 146: In this episode of Critical Thinking - Bug Bounty Podcast Justin, Joseph, and Brandyn all sit down to celebrate the spooky season by swapping their scariest bug stories. From frightening ...

30 Okt 20251h 50min

Populært innen Teknologi

lydartikler-fra-aftenposten
romkapsel
smart-forklart
rss-avskiltet
tomprat-med-gunnar-tjomlid
nasjonal-sikkerhetsmyndighet-nsm
teknisk-sett
energi-og-klima
rss-impressions-2
shifter
rss-alt-vi-kan
elektropodden
teknologi-og-mennesker
fornybaren
pedagogisk-intelligens
rss-fjorsilkebris-podcast
hans-petter-og-co
kunstig-intelligens-med-morten-goodwin
rss-byggepodden
rss-for-alarmen-gar