Collaborate Disseminate
I know that in Active Directory environments passwords are stored in the form of hashes depending on encryption types used in the environment.
I understand also that when using AES as a symmetric encryption type, the user password goes thr… Continue reading Hashed Password Kerberos PKDF2 AES – ActiveDirectory
I’m implementing SPNEGO-based Kerberos authentication for a Linux client application for authenticating requests to a Windows IIS server.
I’ve read RFC4559, which describes how authentication should be performed:
https://datatracker.ietf.o… Continue reading SPNEGO-based Kerberos authentication: Should I create a new security context using `gss_init_sec_context` for every request?
My manager said that kerberos passwords are hashed using aes256-cts-hmac-sha1-96 & aes128-cts-hmac-sha1-96 algorithms.
I that these are hot hashing algorithms but encryption algorithms.
My manager send me an email:
For Kerberos authen… Continue reading How kerberos hashes its keys? [closed]
It’s time to stop relying on the insecure authentication protocol built into Windows. Microsoft is making it easier to switch to secure modern options. Continue reading Microsoft Improves Windows Security with a Path to Move Off NTLM
I am trying to replicate Shadow Credentials attack in Active Directory environment. My initial approach was to:
Use Whisker to create a new certificate on behalf of DC (successful):
Whisker.exe add /target:dc-2$
Use the newly created ce… Continue reading Shadow Credentials attack with TGT and TGS
Here is my thought process:
I want to use smartcards without passwords for my setup. We don’t want to use Iris or fingerprint or voice. I only want to put in the card whenever something needs to authenticate and when I take out the card wh… Continue reading How to mitigate spoofing, keylogging password, stealing public key with smart card with external/internal smart card reader?
On a Windows host, which is a member of AD domain and authentication is Kerberos-based, how does a browser get TGT and Service ticket to access a specific service? I want to understand what APIs it uses at the implementation level.
On a Windows host, which is a member of AD domain and authentication is Kerberos-based, how does a browser get TGT and Service ticket to access a specific service? I want to understand what APIs it uses at the implementation level.
I have Linux servers which are members of AD domain, running SSSD demon.
SSSD is "Kerberized" and I also do want use Kerberos for Oracle db authentication.
NOTE: this is not purely about Oracle database. This can be applied to an… Continue reading Oracle Kerberos authentication on Linux host with SSSD
Microsoft is adding new features to the Kerberos protocol, to eliminate the use of NTLM for Windows authentication.
The post Microsoft Improving Windows Authentication, Disabling NTLM appeared first on SecurityWeek.
Continue reading Microsoft Improving Windows Authentication, Disabling NTLM