#pingonehound — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #pingonehound, aggregated by home.social.
🛠️ Tool
Executive summary: PingOneHound is an OpenGraph extension for BloodHound Community Edition and BloodHound Enterprise designed to discover, analyze, and help remediate identity-based attack paths inside PingOne organizations. The work was carried out by SpecterOps researchers using a Ping Identity–provided PingOne environment.

Technical details:
• Purpose: Map PingOne objects (organization, environments, users, groups, roles, applications) into a graph model consumable by BloodHound to reveal chains of authorization and authentication that can be abused.
• Primary mechanics: PingOne supports identity federation standards such as SAML and OIDC, so a principal authenticated by one system can be authorized by another; each such federated trust extends the attack surface across the boundary between the two systems.
• Vocabulary modeled: organization (top level), environment (contains users, groups, roles, and applications), the auto-created Administrators environment, users, groups, and role assignments.

Key features of PingOneHound:
• Graph ingestion of PingOne environment objects into BloodHound-compatible schemas.
• Identification of the role assignment propagation rules and group membership behaviors that determine which privilege paths exist.
• Visibility into federation-driven paths that reach into or out of a PingOne instance.

Implementation concepts:
• The extension maps PingOne API objects into nodes and relationships, preserving the distinction between direct group membership and nested group structures.
• The model encodes that role assignments are delegated only to direct group members: nested group membership does not confer those roles, and attribute-based automatic group membership is blocked for groups that hold role assignments.

Use cases:
• Red team and purple team exercises focused on identity abuse in cloud IdPs.
• Defender analysis to enumerate risky role assignments, overly broad group configurations, and federation trust paths.

Limitations and considerations:
• The behavior modeled is constrained by PingOne configuration and API visibility; findings depend on the object graph that the environment actually exposes.
• The extension surfaces paths but does not by itself exploit them; operationalizing a path requires complementary tools and context.

🔹 PingOne #BloodHound #PingOneHound #SpecterOps #tool
🔗 Source: https://specterops.io/blog/2025/10/20/pingone-attack-paths/
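The "Implementation concepts" bullets above describe the one rule that makes PingOne role modeling non-obvious: a role assigned to a group reaches only the group's direct members, never members of nested groups, and a group holding a role cannot use attribute-based membership. The following is an added example (not PingOneHound's code, and not from the SpecterOps post) that models a small constructed tenant, computes effective role holders under that rule, rejects the forbidden dynamic-group case, and emits the result as an OpenGraph-style node/edge document. The node and edge kind names (PingOneUser, PingOneMemberOf, PingOneEffectiveRole, and so on), the sample users and groups, and the exact JSON layout are assumptions for illustration; check the layout against the BloodHound OpenGraph ingest documentation before using it.

```python
"""Toy PingOne role-propagation model that emits a BloodHound OpenGraph-style
graph. Added example, not PingOneHound's code: tenant data is constructed and
the node/edge kinds and JSON layout are assumed for illustration."""
import json
from collections import deque

ENVIRONMENT = "Administrators"  # the auto-created admin environment

# Constructed sample tenant (not real data).
USERS = {"alice", "bob", "carol", "dave"}
# group -> direct members; a member is a user or another group (nesting)
GROUP_MEMBERS = {
    "helpdesk": {"alice"},
    "it-admins": {"bob", "helpdesk"},  # helpdesk is nested in it-admins
    "contractors": {"carol"},
}
# groups whose membership is attribute-based (dynamic), not assigned
DYNAMIC_GROUPS = {"contractors": 'type eq "contractor"'}
# role assignments in the environment: principal (user or group) -> roles
ROLE_ASSIGNMENTS = {
    "it-admins": {"Environment Admin"},
    "dave": {"Identity Data Admin"},
}


def validate_role_assignments(role_assignments=ROLE_ASSIGNMENTS,
                              dynamic_groups=DYNAMIC_GROUPS):
    """Groups that hold a role AND use attribute-based membership. PingOne
    blocks that combination, so a hit means the export is inconsistent."""
    return sorted(g for g in role_assignments if g in dynamic_groups)


def transitive_members(group, group_members=GROUP_MEMBERS):
    """Users reachable via nested membership (BFS): 'who is in the group',
    which is NOT the same as 'who inherits the group's roles'."""
    seen, users, queue = set(), set(), deque([group])
    while queue:
        current = queue.popleft()
        if current in seen:
            continue
        seen.add(current)
        for member in group_members.get(current, set()):
            if member in group_members:
                queue.append(member)
            else:
                users.add(member)
    return users


def effective_roles(user, group_members=GROUP_MEMBERS,
                    role_assignments=ROLE_ASSIGNMENTS):
    """Direct assignments plus assignments on groups the user is a DIRECT
    member of. Nested membership confers nothing."""
    roles = set(role_assignments.get(user, set()))
    for group, members in group_members.items():
        if user in members:
            roles |= role_assignments.get(group, set())
    return roles


def to_opengraph():
    """Emit nodes/edges. Effective role holdership goes out as explicit
    derived edges, so path finding never chains MemberOf across nesting."""
    if validate_role_assignments():
        raise ValueError("dynamic group holds a role; refusing to emit")
    nodes, edges = [], []

    def node(nid, kind, name):
        nodes.append({"id": nid, "kinds": [kind],
                      "properties": {"name": name, "environment": ENVIRONMENT}})

    def edge(start, end, kind):
        edges.append({"start": {"value": start, "match_by": "id"},
                      "end": {"value": end, "match_by": "id"}, "kind": kind})

    def ref(principal):  # graph id for a user or a group
        return ("group:" if principal in GROUP_MEMBERS else "user:") + principal

    for user in sorted(USERS):
        node(f"user:{user}", "PingOneUser", user)
    for group in GROUP_MEMBERS:
        node(f"group:{group}", "PingOneGroup", group)
    for role in sorted({r for rs in ROLE_ASSIGNMENTS.values() for r in rs}):
        node(f"role:{role}", "PingOneRole", role)
    for group, members in GROUP_MEMBERS.items():
        for member in members:
            edge(ref(member), f"group:{group}", "PingOneMemberOf")
    for principal, roles in ROLE_ASSIGNMENTS.items():
        for role in roles:
            edge(ref(principal), f"role:{role}", "PingOneHasRole")
    for user in sorted(USERS):
        for role in effective_roles(user):
            edge(f"user:{user}", f"role:{role}", "PingOneEffectiveRole")
    return {"graph": {"nodes": nodes, "edges": edges}}


if __name__ == "__main__":
    print(json.dumps(to_opengraph(), indent=2))
```

The design choice worth noting: alice is transitively inside it-admins, so a naive ingest that emits only MemberOf and HasRole edges would let BloodHound's path finding chain user → helpdesk → it-admins → Environment Admin, a path PingOne never grants. Emitting the computed PingOneEffectiveRole edges (and refusing to emit at all when a dynamic group appears to hold a role) keeps the graph faithful to the delegation rule instead of relying on traversal semantics to get it right.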