TI Mindmap HUB
Threat Intelligence Report

The ‘Ghost’ in the Database: Recovering Active ADFS Signing Keys via Machine DPAPI

📅 July 7, 2026 📰 cloud.google.com 🔍 0 CVE(s) referenced

Attackers can stealthily recover active ADFS signing keys from the machine DPAPI store—bypassing common detection methods and enabling full SAML token forgery—if manual certificate rotation creates configuration drift, making this a critical but often overlooked risk for enterprises.

vendor

Sign in to access the full report including:
detailed analysis, IOCs, MITRE ATT&CK mapping, and STIX bundle.

🔐 Sign In to Read Full Report

You'll need to accept our Terms of Service to access the platform.

📊 Visual Mindmap
🎯 IOC Extraction
⚔️ MITRE ATT&CK TTPs
📦 STIX 2.1 Bundle