SANS Webcast: Kerberos & Attacks 101

Рет қаралды 26,731

Күн бұрын

Learn ethical hacking: www.sans.org/sec560
Kerberos & Attacks 101
Presented by: Tim Medin
Want to understand how Kerberos works? Would you like to understand modern Kerberos attacks? If so, then join Tim Medin as he walks you through how to attack Kerberos with ticket attacks and Kerberoasting. Well cover the basics of Kerberos authentication and then show you how the trust model can be exploited for persistence, pivoting, and privilege escalation.
Tim is the founder and Principal Consultant at Red Siege (www.redsiege.com), a company focused to adversary emulation and penetration testing. Tim is also the SANS MSISE Program Director and author of several SANS courses. Through the course of his career, Tim has performed penetration tests on a wide range of organizations and technologies. He gained information security experience in a variety of industries including previous positions in control systems, higher education, financial services, and manufacturing. Tim is an experienced international speaker, having presented to organizations around the world. Tim is also the creator of Kerberoasting, a technique to extract kerberos tickets in order to offline attack the password of enterprise service accounts. Tim earned his MBA through the University of Texas.

Пікірлер: 8

@luizfelipegrillo9134 4 жыл бұрын

Awesome Webcast! Thanks a lot!

@omarfayyad1 2 жыл бұрын

I loved your presentation mate. Thank you so much for the detailed yet simple explanation! - Thank you sir!

@ThePaulSIN Жыл бұрын

Great presentation. Very insightful and educational!

@CyberCelt. 2 жыл бұрын

This was really great. Is there anywhere to download the presentation please?

@su8z3r03 7 ай бұрын

@4:54 The statement "Kerberos uses shared secrets for authentication in a Windows domain, there is only one, the NTLM hash" is not entirely accurate. While it is true that NTLM (NT LAN Manager) is a legacy authentication protocol used in Windows environments, Kerberos is the primary authentication protocol used in Active Directory domains. Kerberos does not rely on shared secrets in the same way as NTLM. Instead, it uses a trusted third-party authentication system and symmetric key cryptography to verify the identities of users and services within a network. Kerberos authentication involves the use of tickets and does not directly rely on the storage of password hashes. Furthermore, the statement overlooks the fact that Kerberos also involves the use of a Kerberos hash, which is derived from the user's password and is used in the authentication process. In summary, the statement oversimplifies the authentication mechanisms used in Windows domains and does not accurately represent the role of Kerberos and the use of shared secrets in the context of Windows domain authentication.

@stevetollaksen 3 жыл бұрын

Hold up - exceptionally difficult to rotate the KRBTGT password? What process is this dude using to rotate the password? How is waiting 24-48 hours exceptional? My understanding is that you change the password, wait for it to replicate, then change it again. That could take 48 hours if you have globally disparate DC's or set the time to some insane lengths, but the majority of businesses have 1-3 datacenters and replication takes less than an hour. How is that exceptionally difficult to do?