

SANS Stormcast Friday, May 23rd 2025: Backup Connectivity; Windows 2025 dMSA Abuse; Samlify Vulnerability
May 23, 2025
Learn how to create resilient backup connectivity for your home network and avoid hidden backdoors. Discover the dangers of abusing dMSA in Active Directory that can lead to privilege escalation. Delve into a serious flaw in the samlify library that allows SAML Single Sign-On bypass, potentially enabling attackers to assume other users' identities. The discussion emphasizes the need for timely updates and secure configurations to protect against evolving cybersecurity threats.
Secure Backup Connectivity
- Secure backup network tunnels with proper authentication and monitoring.
- Use alert scripts to detect unauthorized jump host logins during outages.
dMSA Abuse for Privilege Escalation
- Windows Server 2025's delegated managed service account migration can be abused.
- Attackers create fake accounts pointing to privileged old accounts to escalate rights.
Mitigating dMSA Risk
- Restrict who can create service accounts to reduce exploitation risk.
- Monitor account migrations in logs with available PowerShell scripts from Akamai.