Breaking Active Directory Using Publicly Documented Kerberos Features

Presented at Kawaiicon 2 (2022) Rescheduled, July 1, 2022, 4:30 p.m. (30 minutes).

In November 2021 both Samba and Windows released very similar security updates. By December 2021 other security researchers had publicly worked out what happened. This is the story of the year prior, the ups and downs of coordinated disclosure and important lessons learnt dealing with MSRC.

Andrew Bartlett will show how a choice in the implementations of and interaction between Kerberos and other parts of Active Directory was in fact a critical vulnerability hidden in plain sight.

Finally, Andrew will note that while MachineAccountQuota is a terrible idea, there is no value in being sumg: Samba ended up just as bad even without that ‘feature'.

Presenters:

• Andrew Bartlett
  Andrew Bartlett is a Samba developer, Samba Team member and leads the Samba development effort at Catalyst here in Wellington. Andrew has been working on Samba and Windows authentication protocols for over 20 years now. Finally, Andrew has been recognised by Microsoft on their Q4 2021 Security Researcher leaderboard (at #89 globally). When not hacking Samba and Windows he likes to be found on his trusty, fully human-powered, pushbike.

Links:

• https://kawaiicon.org/talks/samba/

Similar Presentations:

• NolaCon 2018 / Active Directory Security: The Journey
• Objective by the Sea version 3.0 (2020) / Walking the Bifrost: An operator's guide to Heimdal and Kerberos on macOS
• DEF CON 31 (2023) / A Broken Marriage: Abusing Mixed Vendor Kerberos Stacks