Overview
This course teaches learners how to exploit the weaknesses in Kerberos' RC4 encryption implementation and spoof Windows PACs. The learning outcomes include understanding Kerberos, identifying known weaknesses, computing MD5 collisions, and exploiting the vulnerabilities. The course covers the steps to perform the attack, such as computing collisions, storing collision bytes, and requesting PAC authorization data. The teaching method involves a presentation by the instructor, Tom Tervoort. This course is intended for cybersecurity professionals interested in understanding and mitigating vulnerabilities in Kerberos' RC4 encryption and Windows PACs.
Syllabus
Introduction
What is Kerberos?
Default supported encryption types
Known weaknesses
Computing MD5 collisions
How to exploit?
A protocol using the broken CHKSUM
PAC authorization data
A small HashClash hack
Step 2: compute collision
Step 3: store collision bytes in scriptPath request PAC again
The problem with MAC-over-MAC
A successful (but limited) exploit
The patches
Black Hat Sound Bytes
Taught by
Black Hat