Abusing Microsoft Kerberos: Sorry You Guys Don't Get It

Presented at Black Hat USA 2014, Aug. 7, 2014, 11:45 a.m. (60 minutes).

Microsoft Active Directory uses Kerberos to handle authentication requests by default. However, if the domain is compromised, how bad can it really be? With the loss of the right hash, Kerberos can be completely compromised for years after the attacker gained access. Yes, it really is that bad. In this presentation Skip Duckwall, @passingthehash on twitter and Benjamin Delpy, @gentilkiwi on twitter and the author of Mimikatz, will demonstrate just how thoroughly compromised Kerberos can be under real world conditions. Prepare to have all your assumptions about Kerberos challenged!

Presenters:

  • Alva Duckwall - Unnamed Startup
    Alva "Skip" Duckwall has been using Linux back before there was a 1.0 kernel and has since moved into the information security arena doing anything from computer/network auditing, to vulnerability assessments and penetration testing. Skip holds the following certs (among others) :GSE, CISSP, CISA, and RHCE.
  • Benjamin Delpy
    Benjamin Delpy, is a security researcher know as 'gentilkiwi'. Security enthusiast, he publishes tools and articles in order to speak about product weaknesses and to prove some of his ideas. Mimikatz was his first software that reached an international audience. It is now recognized as a Windows security audit tool - http://blog.gentilkiwi.com/mimikatz

Links:

Similar Presentations: