topic How to prevent ADFSjacking with Cortex XDR. Is it possible? in Cortex XDR Discussions https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/how-to-prevent-adfsjacking-with-cortex-xdr-is-it-possible/m-p/1236373#M8678 <P data-unlink="true">Just reviewed an article on <A href="https://cybersecuritynews.com/phishing-campaign-microsoft-365/" target="_self">ADFSjacking</A>&nbsp;in Office365.&nbsp; Is this something that can be prevented or blocked using Cortex XDR and/or the Advanced Threat Detection or Advanced URL Filtering add-ons for PAN NGFW?&nbsp;&nbsp;</P> Wed, 20 Aug 2025 18:27:30 GMT kenlacrosse 2025-08-20T18:27:30Z How to prevent ADFSjacking with Cortex XDR. Is it possible? https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/how-to-prevent-adfsjacking-with-cortex-xdr-is-it-possible/m-p/1236373#M8678 <P data-unlink="true">Just reviewed an article on <A href="https://cybersecuritynews.com/phishing-campaign-microsoft-365/" target="_self">ADFSjacking</A>&nbsp;in Office365.&nbsp; Is this something that can be prevented or blocked using Cortex XDR and/or the Advanced Threat Detection or Advanced URL Filtering add-ons for PAN NGFW?&nbsp;&nbsp;</P> Wed, 20 Aug 2025 18:27:30 GMT https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/how-to-prevent-adfsjacking-with-cortex-xdr-is-it-possible/m-p/1236373#M8678 kenlacrosse 2025-08-20T18:27:30Z Re: How to prevent ADFSjacking with Cortex XDR. Is it possible? https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/how-to-prevent-adfsjacking-with-cortex-xdr-is-it-possible/m-p/1236444#M8680 <P>Hi&nbsp;<a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/102416">@kenlacrosse</a>&nbsp;</P> <P>Cortex XDR cannot outright “block” ADFS jacking, since it’s not a malware signature but an abuse of identity federation.</P> <P>&nbsp;</P> <P>However, XDR can help detect the techniques around it (like credential dumping, DLL injection, or suspicious PowerShell use) and increase visibility into ADFS activity with the right BIOCs and log integrations.</P> <P>&nbsp;</P> <P>If you feel this has answered your query, please let us know by clicking like and on "mark this as a Solution". Thank you.</P> <P>&nbsp;</P> <P>KR,</P> <P>Luis</P> <P>&nbsp;</P> <P>&nbsp;</P> Thu, 21 Aug 2025 15:02:46 GMT https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/how-to-prevent-adfsjacking-with-cortex-xdr-is-it-possible/m-p/1236444#M8680 eluis 2025-08-21T15:02:46Z