Spooky authentication at a distance

Presented at DEF CON 31 (2023), Aug. 12, 2023, 3 p.m. (45 minutes)

Spooky authentication at a distance outlines a new and innovative post-exploitation technique to proxy common authentication protocols used in Windows environments remotely and with no elevated privileges required. This allows security professionals to perform complete impersonation of the target user on their own machine without executing any further code on the target machine besides the agent itself. This talk will also demonstrate the applicability of this new technique by performing no-interaction, full domain takeover using a malicious peripheral in a simulated restricted environment.

REFERENCES:

Tools which will be shown in the demos:

  • [AioSMB] https://github.com/skelsec/aiosmb
  • [MSLDAP] https://github.com/skelsec/msldap
  • [WSNet] https://github.com/skelsec/wsnet
  • [OctoPwn] https://community.octopwn.com
  • [Asyauth] https://github.com/skelsec/asyauth
  • [Aardwolf] https://github.com/skelsec/aardwolf

My previous talk on [OctoPwn], the in-browser pentest suite, can be found here: https://youtu.be/jStdrDHTmD4

Related tools:

  • [PYODIDE] Octopwn uses the Pyodide framework to run in the browser. https://github.com/pyodide/pyodide
  • [LDAP3] The MSLDAP project used code parts from this project. https://ldap3.readthedocs.io/en/latest/
  • [RDPY] The Aardwolf RDP client is based on this tool. https://github.com/citronneur/rdpy
  • [BLOODHOUND] Jackdaw was based on this tool. https://github.com/BloodHoundAD/BloodHound
  • [IMPACKET] aioSMB libraries were based partially on this tool. https://github.com/fortra/impacket
  • [LsaRelayX] Future extension https://github.com/CCob/lsarelayx
  • [duckencoder] To automate keystrokes on the embedded system https://github.com/mame82/duckencoder.py

Presenters:

  • Tamas Jos (SkelSec) - Principal Security Consultant at Sec-Consult AG
    Tamas Jos (@skelsec) is a principal security consultant at SEC Consult (Schweiz) AG. He has worked within the information security industry for over 10 years, focusing mainly on reversing topics across many industries around the globe. He has an in-depth technical appreciation of Windows security, which heavily influences his research. This often takes him down many low-level rabbit holes, leading to the creation and maintenance of well-received open-source projects, such as pypykatz & OctoPwn. You can find Tamas’ musings on his blog at https://github.com/skelsec/
