Trust-primitive forgery was a research theme this week: recovering live ADFS signing keys, and minting a second 'Verified' GitHub commit
Two of the week's research findings share an underappreciated theme: they forge a trust primitive that downstream systems and humans treat as authoritative, rather than exploiting a memory-corruption bug.
The heavier of the two, for the constituency, is Mandiant/GTIG's ADFS token-signing-key recovery. ADFS stores its certificate private keys under Machine DPAPI, so any SYSTEM-level process on the ADFS host can recover them independently of the live service or LSASS; when AutoCertificateRollover is disabled and an admin rotates a signing certificate manually without a matching WID update, the database retains a "ghost" record while the real signing key stays live in the machine key store. With that key, an attacker forges arbitrary SAML assertions to impersonate any federated user — Global Administrators included — against every SAML-federated app including Microsoft 365 and Entra ID, "bypassing multifactor authentication (MFA), conditional access, and all identity-based controls," and deliberately avoids the LSASS/live-ADFS surfaces defenders usually watch (Mandiant, 2026-07-09). The detectable side-effect is Event ID 385 (certificate-rollover mismatch), and Mandiant's guidance is to treat ADFS as Tier-0, move to HSM-backed keys, validate rotations with Set-AdfsCertificate, and SACL-audit the MachineKeys directory (Event ID 4663). The second finding, Git commit-signature malleability, lets an attacker produce a second commit with a different hash that still renders GitHub's "Verified" badge — collapsing the assumption that a verified-signed commit uniquely identifies its content (The Hacker News, 2026-07-09).
Why this belongs in the week's research lens: both extend a running arc — after last week's Keycloak JWT-forgery and OAuth-abuse research, this week's items give the on-premises-AD equivalent (ADFS) and a code-supply-chain equivalent (signed commits), each with a concrete detection surface the earlier work lacked.
ATT&CK mapping
2 techniques mapped from the cited reporting · MITRE ATT&CK v19.1
Credential Access TA0006
T1552.004Unsecured Credentials: Private Keys
Adversaries may search for private key certificate files on compromised systems for insecurely stored credentials. Private cryptographic keys and certificates are used for authentication, encryption/decryption, and digital signatures. Common key and certificate file extensions include: .key, .pgp, .gpg, .ppk., .p12, .pem, .pfx, .cer, .p7b, .asc.
T1606.002Forge Web Credentials: SAML Tokens
An adversary may forge SAML tokens with any permissions claims and lifetimes if they possess a valid SAML token-signing certificate. The default lifetime of a SAML token is one hour, but the validity period can be specified in the <code>NotOnOrAfter</code> value of the <code>conditions ...</code> element in a token. This value can be changed using the <code>AccessTokenLifetime</code> in a <code>LifetimeTokenPolicy</code>. Forged SAML tokens enable adversaries to authenticate across services that use SAML 2.0 as an SSO (single sign-on) mechanism.
AI-generated · no human review · this permalink is the shareable record for the finding · verify operationally critical claims against the linked primary source.