No video
Kerberos & Attacks 101
Рет қаралды 11,948
Күн бұрынJoin us in the Black Hills InfoSec Discord server here: / discord to keep the security conversation going!
Reach out to Black Hills Infosec if you need pentesting, threat hunting, ACTIVE SOC, incident response, or blue team services -- www.blackhillsinfosec.com/
00:00 - 45 Seconds of Banter
00:45 - The Creator Of Kerberosting
01:48 - What Is Kerberos?
04:49 - How It Works
09:23 - PAC: Privilege Attribute Certificate
12:27 - Service Ticket
14:12 - SPN : Service Principal Name
16:22 - Three Long Term Keys
23:39 - I Got A Golden Ticket
24:57 - Ticket Flow
27:49 - Skeleton Key
30:42 - Kerberoasting On an Open Firewall
33:23 - Extract and Crack
34:04 - Silver Ticket
35:25 - Insert Demo Here
37:24 - Cracking Tickets To Get You Out Of Server Jail
43:52 - Trollmode Engaged
45:24 - Pass-The-Ticket
46:05 - Over-Pass-The-Hash
46:37 - Wrap-Up
52:36 - We Have Some Questions
59:25 - 45 More Seconds of Banter
Description: We’re really excited to have a close member of our BHIS extended family, Tim Medin from Red Siege InfoSec, here for a webcast on Kerberos & Attacks 101. Tim is the creator of Kerberoasting.
Want to understand how Kerberos works? Would you like to understand modern Kerberos attacks? If so, then join Tim Medin as he walks you through how to attack Kerberos with ticket attacks and Kerberoasting. We'll cover the basics of Kerberos authentication and then show you how the trust model can be exploited for persistence, pivoting, and privilege escalation.
Black Hills Infosec Socials
Twitter: / bhinfosecurity
Mastodon: infosec.exchange/@blackhillsi...
LinkedIn: / antisyphon-training
Discord: / discord
Black Hills Infosec Shirts & Hoodies
spearphish-general-store.mysh...
Black Hills Infosec Services
Active SOC: www.blackhillsinfosec.com/ser...
Penetration Testing: www.blackhillsinfosec.com/ser...
Incident Response: www.blackhillsinfosec.com/ser...
Backdoors & Breaches - Incident Response Card Game
Backdoors & Breaches: www.backdoorsandbreaches.com/
Play B&B Online: play.backdoorsandbreaches.com/
Antisyphon Training
Pay What You Can: www.antisyphontraining.com/pa...
Live Training: www.antisyphontraining.com/co...
On Demand Training: www.antisyphontraining.com/on...
Educational Infosec Content
Black Hills Infosec Blogs: www.blackhillsinfosec.com/blog/
Wild West Hackin' Fest KZbin: / wildwesthackinfest
Active Countermeasures KZbin: / activecountermeasures
Antisyphon Training KZbin: / antisyphontraining
Join us at the annual information security conference in Deadwood, SD (in-person and virtually) - Wild West Hackin' Fest: wildwesthackinfest.com/
#bhis #infosec
@playmaker1011 4 жыл бұрын
Nice, more REAL stuff, thanks a bunch guys 🔥🔥🔥
@alcololicu 4 жыл бұрын
Literally the day after I wanted to know more about attacking Kerberos and AD. Awesome talk once again.
@Warlock1515 4 жыл бұрын
This was dense! Thank you!
Black Hills Information Security
Рет қаралды 4,3 М.
Black Hills Information Security
Рет қаралды 24 М.
Black Hills Information Security
Рет қаралды 28 М.