How does the browser know windows logged in user id or Kerberos TGT?

My organization uses SSO for its applications, i.e. once a user logs into his Windows 10 workstation, he accesses his web application without login. I was informed that the web applications use NetIQ Identity Manager (IdP) and Kerberos in t…

How to obtain Service Tickets (TGS) for Service Accounts with no SPNs (ServicePrincipalName) set?

The first step in a kerberoasting attack is to discover Service Accounts via AD enumeration. One way to do so is searching LDAP for any registered SPNs (Service Principal Names). However, from my understanding, service accoun…

Is there any existing attempted implementation of GSS-API/SPNEGO/GSS-SPNEGO for anything other than Kerberos / NTLM?

I’m aware that SPNEGO is de-facto only used in the wild for Kerberos or NTLM. Is there any research / academic / educational example on how it can be also used for other mechanisms as well?
