Keycloak and aud claim usage as additional authentication layer

OpenFGA and Keycloak configuration Some time ago, we integrated OpenFGA with Keycloak for our AuthN/AuthZ implementation. OpenFGA can interpret the token’s “aud” claim when making authentication/authorization decisions. The “aud” claim specifies the intended recipient(s) of the token: The “aud” (audience) claim identifies the recipients that the JWT is intended for. Each principal intended to process the JWT must…

Keycloak cookie based SSO on real example

Intro Many articles refer to the SSO capabilities of Keycloak, but they often don’t explain how it works under the hood. In this article we have a simple environment in the form of Docker Compose, with Keycloak and two Angular applications, that will help you understand how cookie-based authentication works with Keycloak. We will dive deep into this…

Keycloak realms and how they can be used for multi-tenancy

If you’re working with Keycloak and wondering how to handle multi-tenancy, then this article is for you. I’ve seen a lot of confusion around realms – what they are, how they behave, and whether they’re the right building blocks for tenant separation. Let’s break it down. What is a Realm in Keycloak? At its core, a realm in…

Windows Server 2012 R2 installation with PowerShell and VirtualBox

We basically need a Windows Server for various experiments, such as studying Keycloak federation with AD, exploring different types of attacks like Kerberoasting, learning the Kerberos protocol, ADFS and SAML integration with Keycloak, etc. Installing Windows Server on the ARM architecture is not supported, so a simple way is to have a separate laptop with an installed…

The story of one attack on Windows infrastructure

Intro Some time ago, I was involved in defending against a cyber attack (or perhaps an attack simulation) at Company X. I believe this example will be particularly interesting for those who want to deepen their understanding of how attackers operate and what defense approaches can help companies protect themselves. This story is a real-world example of an…

Dism.exe and shellcode injecting technique to bypass AppLocker rules

Intro Correctly configured AppLocker rules prevent the execution of untrusted executable files, scripts, and other potentially harmful content. However, it is essential to simplify the process of creating these rules by minimizing the overhead required to maintain them. One of the popular ways to do that is allowing execution of files signed by Microsoft and/or other well-known…

The story of one attack / shell decryption

This is one of the posts related to the attack on Company X, and it discusses shellcode decryption. A popular technique to avoid AV detection is using simple XOR encryption. In our case, the attacker used encrypted shellcode, and to understand what code was executed by this shell, I needed to decrypt it first. I don’t remember all…