In my earlier blog post I explained how to create a backdoor to Azure AD using an identity federation vulnerability feature I discovered in 2017. In this blog post, I’ll explain how to create a backdoor using Seamless SSO and how to exploit it using forged Kerberos tickets.
