Workshop Information: Constructing Kerberos Attacks with Delegation Primitives

  • Workshop Information: Constructing Kerberos Attacks with Delegation Primitives

    Title: Constructing Kerberos Attacks with Delegation Primitives

    Instructor: Elad Shamir & Matt Bush

    Abstract: Kerberos delegation is a dangerously powerful feature that allows services to impersonate users. Due to the complexity of Kerberos delegation attacks, they are often overlooked or left unexplored. However, the introduction of Resource-based Constrained Delegation substantially widens the Kerberos attack surface, making it more important than ever for security professionals to engage with this challenge. This workshop will offer security professionals a deep dive into Kerberos delegation and demonstrate how it can be abused for privilege escalation and lateral movement.

    We will open with a crash-course in Microsoft’s Kerberos implementation and its delegation features, from the fundamentals of Kerberos authentication, through legacy unconstrained delegation, to classic constrained delegation. We will offer demos and hands-on labs to experiment with abusing these features.

    In the second half of the workshop, we will cover resource-based constrained delegation, explain the differences between classic constrained delegation and resource-based constrained delegation, and explore novel attack primitives including:
    - Compromising hosts by modifying Active Directory computer objects
    - Bypassing restrictions on protocol transition to impersonate arbitrary users
    - Compromising a host by abusing the ticket-granting-ticket of a computer account
    - Performing local privilege escalation on Windows 10 and Windows Server 2016/2019 hosts by abusing account profile pictures
    - Performing remote code execution on SQL Servers through directory listing abuse
    - Achieving hostless domain persistence

    Participants will get an opportunity to try the above attacks in a lab environment.

    We will also explore mitigating controls, as well as detection opportunities.

    Level: Intermediate

    Pre-Requisites: Basic familiarity with Windows and Active Directory environments

    Required Materials: A laptop with the ability to connect to a VPN and establish an RDP connection with a remote host.

  • #2
    Hey guys. If you have a spare ticket/seat for this workshop, please let me know. Cheers.