Is This My Domain Controller? A New Class of Active Directory Protocol Injection Attacks

Black Hat via YouTube

Overview

This course explores a new class of Active Directory protocol injection attacks that target the Kerberos and NTLM authentication protocols. Learning outcomes include understanding previous MitM attacks on Active Directory authentication protocols, learning about relay attack techniques, and exploring mitigation strategies. Skills taught include NTLM basics, NTLM injection versus NTLM relay, and Kerberos injection mitigation. The material is delivered as a presentation, with a syllabus covering the attacks and the defenses. The intended audience includes cybersecurity professionals, network administrators, and anyone interested in understanding and mitigating security vulnerabilities in Active Directory environments.

Syllabus

Intro
Today's Talk
The Plan
NTLM Basics
NTLM Injection Vs NTLM Relay
NTLM Injection Example - GPO Update
New Attack Case - Azure AD Connect
NTLM Injection Against AD Connect
Microsoft Response
KDC Spoofing Protection
What we need for the attack
VMWare Center
Attack Scenario
Kerberos Injection - How to Mitigate?
Responsible Disclosure
Closing Remarks
Tips for Defenders

Taught by

Black Hat
