Collaborate Disseminate
I have Linux servers which are members of AD domain, running SSSD demon.
SSSD is "Kerberized" and I also do want use Kerberos for Oracle db authentication.
NOTE: this is not purely about Oracle database. This can be applied to an… Continue reading Oracle Kerberos authentication on Linux host with SSSD
Microsoft is adding new features to the Kerberos protocol, to eliminate the use of NTLM for Windows authentication.
The post Microsoft Improving Windows Authentication, Disabling NTLM appeared first on SecurityWeek.
Continue reading Microsoft Improving Windows Authentication, Disabling NTLM
I have worked as a system administrator mainly on Widnows Server for some years now.
Over the course of time I’ve always had a hard time trying to fully understand how Kerberos work.
For about 3 weeks as of now I have been informing and st… Continue reading Kerberos – NTLM Password Hashes – Questions!
I identified several signs of attacks that use forged certificates inside the network and developed a Proof-of-Concept utility capable of finding artifacts in AD, as well as a number of detection logic rules that can be added to SIEM. Continue reading Anomaly detection in certificate-based TGT requests
I’m currently working on a lab for AD penetration testing and want some of the machines to have a logon, including the TGT, for a specific domain user cached. So far I couldn’t come up with anything better than using the Winlogon feature. … Continue reading simulating a domain user logon on machine startup
As you know, during a kerberoasting attack, we can intercept the TGS ticket and use brute force tools (john the ripper, hashcat) to find out the password of the service accounts that signed the TGS tickets.
Is it possible to do the same fo… Continue reading Is it possible to get krbtgt hash from TGT ticket?
It’s said that a Windows Machine Account Password is usually composed of 120 characters in UTF-16-LE format. But when looking at the value stored in the Windows Registry under HKLM\SECURITY\Policy\Secrets\$MACHINE.ACC\CurrVal one finds a s… Continue reading How is a Windows Active Directory Machine Account Password stored in Windows/Samba Clients?
I have a question in my mind regarding the inner workings of Kerberos protocol. If the generation of the session key is somehow insecure, does this compromise the security of the Kerberos protocol?
I am thinking at the point of the Ticket … Continue reading Kerberos protocol attacks?
I’m using mimikatz to retrieve a user’s password hashes from Active Directory with the following command:
lsadump::dcsync /user:mimikatz
The user’s password is Pa55w.rd.
The output is
…
Credentials:
Hash NTLM: 377565f7d41787414481a283… Continue reading Why do I see LM hashes stored in Active Directory?
If you look at the above Kerberos protocol’s diagram, you can find that the protocol works on the basis that the (symmetric) client key initially exists on both the client node and the key distribution center.
Then, the question is, how c… Continue reading How can a client safely post/get a (symmetric) client key to/from a key distribution center?