MagicWeb

Description

(Microsoft) MagicWeb goes beyond the collection capabilities of FoggyWeb by facilitating covert access directly. MagicWeb is a malicious DLL that allows manipulation of the claims passed in tokens generated by an Active Directory Federated Services (AD FS) server. It manipulates the user authentication certificates used for authentication, not the signing certificates used in attacks like Golden SAML.

Names

Name
MagicWeb

Type

Backdoor

Information

https://www.microsoft.com/security/blog/2022/08/24/magicweb-nobeliums-post-compromise-trick-to-authenticate-as-anyone/

Other Information

Uuid

4785839c-bd5f-4eee-a4ad-d18415ac2300

Last Card Change

2022-09-12

Threat Intelligence Garden

Explorer

MagicWeb

MagicWeb

Description

Names

Category

Type

Information

Other Information

Uuid

Last Card Change

Graph View

Table of Contents

Backlinks