Port 22

Abusing Replication: Stealing AD FS Secrets Over the Network

      &lt;IsChainIncludedSpecified&gt;false&lt;/IsChainIncludedSpecified&gt;<br />
           
      &lt;FindValue&gt;99FABAEE46A09CD9B34B9510AB10E2B0C0ACB99B&lt;/FindValue&gt;<br />
           
      &lt;RawCertificate&gt;&lt;/RawCertificate&gt;<br />      
       &lt;EncryptedPfx&gt;&lt;/EncryptedPfx&gt;<br />       
      &lt;StoreNameValue&gt;My&lt;/StoreNameValue&gt;<br />     
       
      &lt;StoreLocationValue&gt;CurrentUser&lt;/StoreLocationValue&gt;<br />
           
      &lt;X509FindTypeValue&gt;FindByThumbprint&lt;/X509FindTypeValue&gt;<br />
          &lt;/SigningToken&gt;</span></td> </tr></tbody></table>

      http://schemas.microsoft.com/ws/2008/06/identity/claims/<br />
        primarysid, Value ==
      S-1-5-21-3508695881-2242692613<br />    -376241919-1107])
      =&gt; issue(Type = http://schemas<br />   
      .microsoft.com/authorization/claims/permit, Value = <br />
        true);<br />   @RuleName = Permit Local
      Administratorsexists([Type ==<br />  
      http://schemas.microsoft.com/ws/2008/06/identity/claims/group<br />
       sid, Value == S-1-5-32-544])=&gt; issue(Type =
      &amp;quot<br />  
      ;http://schemas.microsoft.com/authorization/claims/permit,
      Value<br />    = true);<br />  
  &lt;/AuthorizationPolicy&gt;</span></td> </tr></tbody></table>