Collaborate Disseminate
The tool Responder written in Python permits to listen on a specific network card requests and automatically poisoning victims the steal hash NTLMv1 and hash NTLMv2.
The attack Pass-The-Hash permits to connect to a service like SMB.
I am a… Continue reading Is it possible make a Pass-The-Hash attack with Responder?
As far as I know, in order to create a Golden Ticket, the attacker needs to obtain the krbtgt’s password’s hash, which is not a trivial task. My question is: is it possible to find the krbtgt’s password by getting a legitimate TGT (encrypt… Continue reading Kerberos – obtaining the krbtgt’s secret in order to perform Golden Ticket attack
If someone can implement the all the functionalities that Authorization server and Ticket Granting Server in one server, why not do it?
Continue reading Why Kerberos protocol defines two servers? [migrated]
Is it really stupid to consider migrating every Windows machine into a Linux OS (waybe Debian/Ubuntu/Mint) whatever Debian-based customized distro in order to minimize risks in a company that is heavily security-oriented?
Is there actually… Continue reading Migrating Windows to Linux pros and cons [closed]
I have a Synology NAS that I’m trying to access over NFS from a couple of systems running archlinux (a laptop and a server). I’d like to get NFSv4 id mapping working so that I don’t have to align the user ids between all these systems, and… Continue reading Kerberos tickets for service accounts and NFSv4 id mapping
I’m learning about how Kerberos and it’s common exploits work and I’m a little confused. In this video explaining the process we see that at one of the earlier points the user is provided with two packets, one of them being a TGT:
http://… Continue reading What exactly could we get as an attacker if Kerberos Pre-Authentication is disabled?
If I have a webapplication in my internal Microsoft Windows network I’m aware that I can use the kerberos protocol to make a Single Sign on (SSO) into this application with the web browser.
Is it a good idea to use kerberos for SSO in an … Continue reading Is it possible to use Kerberos for SSO in a SaaS application?
I understand that Kerberos is the recent authentication protocol used in windows environment and that NTLM is still supported for interoperability only.
I want to know in non domain environments,if i am logging to my own pc at home which h… Continue reading NTLM Modern usage
When you’re using unconstrained delegation, a service A is allowed to authenticate as the user B to any other service. This happens because the user B sends its TGS along with its TGT to the service A, and service A can then request other … Continue reading Is kerberos unconstrained delegation partially safer than constrained delegation?
Kerberos is an authentication protocol that is famously built using only symmetric ciphers.
As a direct result of this, there are several attacks possible, such as
AS-REP Roasting
AS-REQ Roasting
Kerberoasting
Silver Tickets
Golden Tick… Continue reading Are there any reasons for Kerberos being based on symmetric cryptography?