GITBOOK-486: change request with no subject merged in GitBook
carlospolop authored and gitbook-bot committed Dec 8, 2023
1 parent 56d3166 commit 792e744
Showing 1 changed file with 8 additions and 0 deletions.
8 changes: 8 additions & 0 deletions pentesting-ci-cd/okta-security/README.md
Expand Up @@ -50,6 +50,8 @@ Usually the portal of a company will be located in **companyname.okta.com**. If

### Login in Okta via Kerberos

(Attack copied [**from here**](https://trustedsec.com/blog/okta-for-red-teamers)).

If a domain like **`companyname.kerberos.okta.com`** exists, then kerneros is configured within the company to access Okta. This is very interesting as usually Windows users won't need MFA to access Okta.

It's also possible to find Kerberos users configured with Okta access within the AD env running:
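Review bot: the context line "then kerneros is configured within the company" in this hunk carries a typo ("kerberos"); since the change already touches this section, fix it in the same commit. The added attribution uses "from here" as link text, which tells a reader nothing without following it; something like "(Attack copied from TrustedSec's "Okta for Red Teamers" post)" with the same URL would be clearer and is also the wording the other three hunks should share.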
Expand Down Expand Up @@ -88,6 +90,8 @@ And again, deliver this to Okta via our browser session:

### Hijacking Okta AD Agent

(Attack copied [**from here**](https://trustedsec.com/blog/okta-for-red-teamers)).

If you access a server running the Okta AD Agent. This agent is responsible for syncing domain users and groups over to Okta for provisioning, and also answering authentication requests from Okta as users log into the portal.

By default, the agent is installed to:
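Review bot: the context line "If you access a server running the Okta AD Agent. This agent is responsible for ..." is a sentence fragment followed by a full stop; worth rewording while this section is being edited, for example "If you gain access to a server running the Okta AD Agent: this agent is responsible for syncing domain users and groups to Okta for provisioning, and for answering authentication requests from Okta as users log into the portal."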
Expand Down Expand Up @@ -176,6 +180,8 @@ The result of issuing this request is allowing authentication for any user via O

### Hijacking AD As an Admin

(Attack copied [**from here**](https://trustedsec.com/blog/okta-for-red-teamers)).

We know that we can hijack an Okta AD Agent using a stolen Agent Token, but what about if we have compromised a privileged Okta account and want to do this without an existing agent token? Let’s look at how to do this.

First, we need to create an Okta AD Agent API token. To kick off the authentication flow, we need an OAuth Code. To get this we start by heading to:
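Review bot: this is the third identical "(Attack copied from here)" parenthetical pointing at the same URL in one file; rather than repeating it per section, consider a single source note at the start of the Okta AD Agent material stating that these sections are adapted from the linked TrustedSec post, and keep the per-section line only where the text diverges from that source. If the per-section form is kept, make the four lines identical so a later edit to one does not leave the others inconsistent.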
Expand Down Expand Up @@ -311,6 +317,8 @@ python ./main.py --tenant-domain example.okta.com --skeleton-key WibbleWobble99

### Okta Fake SAML Provider

(Attack copied [**from here**](https://trustedsec.com/blog/okta-for-red-teamers)).

Another technique which has been very useful during assessments is the deployment of a fake SAML provider.

Recently Okta actually provided [a security update](https://sec.okta.com/articles/2023/08/cross-tenant-impersonation-prevention-and-detection) on in-the-wild attacks using this technique, so it’s certainly useful to know about this when simulating activity on an environment, especially for clients who would like to test their detections of this particular attack.
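Review bot: the context line "Recently Okta actually provided a security update ..." will date badly and "actually" is filler; the linked URL carries the date, so "In August 2023 Okta published a security update on in-the-wild attacks using this technique ..." reads better and stays correct as the page ages. That sentence is also the one place in these four hunks that points readers at detection guidance, so it is worth keeping prominent next to the added attribution line.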