08-20-2025 11:27 AM
Just reviewed an article on ADFSjacking in Office365. Is this something that can be prevented or blocked using Cortex XDR and/or the Advanced Threat Detection or Advanced URL Filtering add-ons for PAN NGFW?
08-21-2025 08:02 AM
Hi @kenlacrosse
Cortex XDR cannot outright “block” ADFS jacking, since it’s not a malware signature but an abuse of identity federation.
However, XDR can help detect the techniques around it (like credential dumping, DLL injection, or suspicious PowerShell use) and increase visibility into ADFS activity with the right BIOCs and log integrations.
If you feel this has answered your query, please let us know by clicking like and on "mark this as a Solution". Thank you.
KR,
Luis
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
