Overview
This course aims to teach learners how to protect Kerberos authentication using network monitoring. The learning outcomes include understanding why attackers target Kerberos, detecting and defeating attacks like Golden Ticket, Forged PAC, and Skeleton Key through network monitoring, and learning about the "Diamond PAC" attack variant. The course teaches skills such as detecting Kerberos attacks, using network monitoring for security, and utilizing the "Kerberos Leash" tool for defense. The teaching method involves a presentation of research findings and the release of a detection tool. The intended audience for this course includes cybersecurity professionals, network administrators, and individuals interested in enhancing their knowledge of network security and authentication protocols.
Syllabus
Watching the Watchdog Protecting Kerberos
Why do Attackers Target Kerberos?
Kerberos: Stealing
The attack campaign: attackers installed malware on a DC to authenticate as any user by using a secret password
AES vs. RC4: Key Derivation
Attacker + RC4
The Skeleton Key Malware: Kerberos
Skeleton Key Malware Detection
PAC (Privilege Attribute Certificate)
TGT Integrity
Let's Play Spot the Difference
Golden Ticket in the Wild
Diamond PAC exploit
Questions?
Taught by
Black Hat