
ADFS Server Compromise: How Attackers Forge Tokens #shorts

BSides Frankfurt | 0:40 | 97 views | Published 2026-03
About this talk
Compromised ADFS server? Threat actors can dump token signing certificates and private keys. With these, they can forge their own tokens, granting unauthorized access. #ADFSSecurity #CyberAttack #TokenSigning #SecurityBreach #SolarWinds
Transcript [en]

What could possibly go wrong here? If you think of a compromised company, well, one way, which we saw in like the SolarWinds attack, for example, was that if the ADFS server is compromised, you don't need to be domain admin. You just need to be local admin on the ADFS server, then you can dump the token signing certificate and the related private keys and secrets. And with that, you can just sign your own tokens. Which means that yeah, it's not a bad good situation, right? Because then you sort of just fly your way into whatever you want to fly into because yeah, you sign your own tokens as a threat actor. But this is not what we saw in this specific attack, right?