leastprivilege.com
Token Kidnapping (revisited)
It’s been a while since I linked to Cesar Cerrudo’s slide deck about token kidnapping. Now there is also a POC available (with samples of how to use it from SQL Server and IIS). There is a…