Presented at
DEF CON 32 (2024),
Aug. 10, 2024, noon
(105 minutes).
The Metasploit Framework released version 6.4 earlier this year, including multiple improvements to Kerberos-related attack workflows. The latest changes added support for forging diamond and sapphire tickets, as well as dumping tickets from compromised hosts. Metasploit users can now exploit unconstrained delegation in Active Directory environments for privilege escalation as well as use pass-the-ticket authentication for the Windows secrets dump module. These new Kerberos improvements increase the ways in which tickets can be forged, gathered, as well as used. Additionally, Metasploit has added support for new protocol based sessions, allowing users to interact with targets without uploading payloads, thus increasing their evasive capabilities. These new sessions can be established to database, SMB and LDAP servers. Once opened, they enable users to interact and run post modules with them, all without running a payload on the remote host. Finally, version 6.4 includes a complete overhaul of how Metasploit handles its own DNS queries. These improvements ensure that users pivoting their traffic over compromised hosts are not leaking their queries and offer a high degree of control over how queries should be resolved. This demonstration will cover these latest improvements and show how the changes can be combined for new, streamlined attack workflows using the latest Metasploit release.
Presenters:
-
Jack Heysel
- Senior Security Researcher at Rapid7
Jack Heysel is a Senior Security Researcher at Rapid7, where he contributes to and helps maintain the Metasploit Framework. Jack started at Rapid7 in 2016 working on their vulnerability management solution. He transitioned to the Metasploit team in 2021 and has been happily writing and reviewing exploits ever since. While AFK, Jack enjoys exploring the mountains and outdoors that surround his home.
-
Spencer McIntyre / ZeroSteiner
- Security Research Manager at Rapid7
as Spencer McIntyre
Spencer McIntyre is a Security Research Manager at Rapid7, where he works on the Metasploit Framework. He has been contributing to Metasploit since 2010, a committer since 2014, and a core team member at Rapid7 since 2019. Previously, Spencer worked at a consulting firm working with clients from various industries, including healthcare, energy, and manufacturing. He is an avid open-source contributor and comic book reader.
Similar Presentations: