|
|
|
|
|
|
by eurasiantiger
1550 days ago
|
|
|
Once a threat actor has access to internal, less hardened systems, it is a matter of time until they have access to everything. In this case it’s a matter of privilege escalation at best and RCE at worst, no lateral movement required unless it’s easier to escalate directly in the IdP system or as a MitM between the IdP and the service in the screenshot. |
|
|
I have no idea what your point is. Also not sure if what you mean by "internal system" here. I can also log on to Azure Devops service (it public), but that doesn't mean I can access windows source code.