Delegate to the Top: Abusing Kerberos for Arbitrary Impersonations and RCE

Presented at Black Hat Asia 2017, March 30, 2017, 11:45 a.m. (60 minutes)

Delegation is the assignment of responsibility or authority to another identity to carry out specific activities. It is one of the core concepts of management, shifting the decision-making authority from one organizational level to a lower one and empowering a subordinate to take responsibility. In Windows networks, delegation allows a service to impersonate a user or computer in order to access resources throughout the network.

While delegation is used in almost every enterprise, it is still one of the most confusing and least-understood mechanisms in Kerberos and Active Directory. In many cases, the accounts that run applications and services trusted for delegation are misconfigured and, thus, ripe for exploitation.

This talk will review what delegation is, what types of delegation exist, and how they are used in enterprises. The session will include a demonstration of how an attacker can impersonate another user and elevate privileges by exploiting built-in functionality in Kerberos delegation, enabling remote execution as an arbitrary user through unexpected services. In the session, an open source tool for identifying and abusing vulnerable accounts that allow delegation will be introduced. Finally, some guidance will be shared on tightening delegation rights to minimize risk.
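A defender-side audit in the spirit of the guidance mentioned above, added here as an example and not part of the talk or its tool. It assumes the RSAT ActiveDirectory PowerShell module and a domain-joined session with read access to the directory.

```powershell
# Added example (not from the talk): find accounts trusted for Kerberos delegation
# and privileged users that are still allowed to be delegated.
# Assumes the ActiveDirectory module (RSAT) and read access to the domain.
Import-Module ActiveDirectory

# userAccountControl bits that govern delegation
$TRUSTED_FOR_DELEGATION         = 0x80000    # unconstrained delegation (any service, any user)
$TRUSTED_TO_AUTH_FOR_DELEGATION = 0x1000000  # constrained delegation with protocol transition
$NOT_DELEGATED                  = 0x100000   # "Account is sensitive and cannot be delegated"

# LDAP bitwise-AND matching rule (1.2.840.113556.1.4.803) selects objects with the flag set;
# objects with msDS-AllowedToDelegateTo populated are constrained-delegation accounts.
$ldap = "(|(userAccountControl:1.2.840.113556.1.4.803:=$TRUSTED_FOR_DELEGATION)" +
        "(userAccountControl:1.2.840.113556.1.4.803:=$TRUSTED_TO_AUTH_FOR_DELEGATION)" +
        "(msDS-AllowedToDelegateTo=*))"
$props = 'userAccountControl', 'msDS-AllowedToDelegateTo', 'servicePrincipalName'

# Note: domain controllers are trusted for unconstrained delegation by default and are
# expected here; any other computer or user account in the list deserves a review.
Get-ADObject -LDAPFilter $ldap -Properties $props | ForEach-Object {
    $uac  = [int]$_.userAccountControl
    $type = if ($uac -band $TRUSTED_FOR_DELEGATION)         { 'Unconstrained' }
            elseif ($uac -band $TRUSTED_TO_AUTH_FOR_DELEGATION) { 'Constrained (protocol transition)' }
            else                                            { 'Constrained (Kerberos only)' }
    [pscustomobject]@{
        Name    = $_.Name
        Class   = $_.ObjectClass
        Type    = $type
        Targets = ($_.'msDS-AllowedToDelegateTo' -join ';')   # services it may delegate to
    }
} | Sort-Object Type, Name | Format-Table -AutoSize

# Privileged users whose tickets can still be delegated: members of Domain Admins without
# the NOT_DELEGATED flag. Setting the flag (or adding them to Protected Users) stops a
# delegation-trusted service from impersonating them.
Get-ADGroupMember 'Domain Admins' -Recursive |
    Where-Object { $_.objectClass -eq 'user' } |
    Get-ADUser -Properties AccountNotDelegated, userAccountControl |
    Where-Object { -not $_.AccountNotDelegated } |
    Select-Object SamAccountName,
                  @{ n = 'Delegable'; e = { -not ($_.userAccountControl -band $NOT_DELEGATED) } }
```

Review the first list for non-DC accounts with unconstrained delegation and for protocol-transition accounts whose target services run as highly privileged identities; the second list is the set of admins to protect with the sensitive-account flag.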

Presenters:

  • Matan Hart - Cybersecurity Researcher, CyberArk
    Matan Hart is a security researcher (he doesn't like the term 'cyber') at CyberArk Labs, where he researches targeted attacks (he also doesn't like the term 'APT') and hacking techniques to come up with novel detection and mitigation capabilities. Based on his extensive experience in the Israeli Air Force and Israeli Defense Force as a forensics investigator and malware analyst, Matan believes that the world is an open field for innovation and improvement – and the bad guys needn't always win.
