One Day Sec

What are the recommended defenses against the SAML certificate exploitation technique described in the article?

Organizations should apply security patches to prevent attackers from gaining vCenter local administrator privileges. Additionally, they must ensure vCenter backup files are properly secured and not leaked, as these can be used to extract the data.mdb file and forge SAML authentication tokens.
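
A minimal audit of a backup location for the exposure described above, as an added example that is not from the original article: it flags any `data.mdb` copy, loose or inside a tar/zip archive, that is readable beyond its owner. The archive formats, the permission threshold and the function names are assumptions for illustration.

```python
import os
import stat
import tarfile
import zipfile

TARGET = "data.mdb"  # file name taken from the answer above


def contains_target(path):
    """Return True if path is data.mdb itself or an archive holding one."""
    if os.path.basename(path) == TARGET:
        return True
    try:
        if tarfile.is_tarfile(path):
            with tarfile.open(path) as tar:
                return any(os.path.basename(m.name) == TARGET
                           for m in tar.getmembers())
        if zipfile.is_zipfile(path):
            with zipfile.ZipFile(path) as zf:
                return any(os.path.basename(n) == TARGET
                           for n in zf.namelist())
    except (tarfile.TarError, zipfile.BadZipFile, OSError):
        return False  # unreadable or corrupt archive: contents unconfirmed
    return False


def audit_backups(root):
    """List (path, octal mode) for data.mdb copies readable beyond the owner."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if os.path.islink(path):
                continue  # symlink mode bits say nothing about the target
            mode = stat.S_IMODE(os.stat(path).st_mode)
            # Group- or world-readable bits widen who can copy the file.
            if mode & (stat.S_IRGRP | stat.S_IROTH) and contains_target(path):
                findings.append((path, oct(mode)))
    return sorted(findings)


if __name__ == "__main__":
    import sys
    for path, mode in audit_backups(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{mode}  {path}")
```

Run it against the directory or mounted share where vCenter backups are stored; an empty result means no owner-external read access was found on files it could inspect.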

---
**Related reading:**
- vSphere Development Guide 6 - vCenter SAML Certificates — original article
- Covenant Utilization Analysis
- ADAudit Plus Exploitation Analysis — Data Encryption Analysis
- Domain Penetration - Executing Programs on Remote Systems Using DCOM

**Tags:** security patches, vCenter backup, data.mdb, SAML, privilege escalation
