OWASP IL, June 2015. waza 1234/ des_cbc_md5 f8fd987fa7153185 LSASS (kerberos) rc4_hmac_nt (NTLM/md4) cc36cf7a8514893e fccd332446158b1a.

Slides:

Advertisements

Similar presentations

Overview Network security involves protecting a host (or a group of hosts) connected to a network Many of the same problems as with stand-alone computer.

Advertisements

CS5204 – Operating Systems 1 A Private Key System KERBEROS.

Security Protocols Sathish Vadhiyar Sources / Credits: Kerberos web pages and documents contained / pointed.

KERBEROS LtCdr Samit Mehra (05IT 6018).

Windows 2000 Security --Kerberos COSC513 Project Sihua Xu June 13, 2014.

Kerberos Part 2 CNS 4650 Fall 2004 Rev. 2. PARC Once Again Once again XEROX PARC helped develop the basis for wide spread technology Needham-Schroeder.

Key Management. Shared Key Exchange Problem How do Alice and Bob exchange a shared secret? Offline – Doesnt scale Using public key cryptography (possible)

Key distribution and certification In the case of public key encryption model the authenticity of the public key of each partner in the communication must.

Attacks on cryptography – Cyphertext, known pltext, chosen pltext, MITM, brute-force Types of ciphers – Mix of substitution and transposition – Monoalphabetic,

Technical Services & Operations WINDOWS 2008 R2 AD / DC UPGRADE PROJECT.

Day anti-virus anti-virus 1 detecting a malicious file malware, detection, hiding, removing.

Windows 2000 Kerberos Interoperability Paul Hill Co-Leader, Kerberos Development Team MIT John Brezak Program Manager Windows 2000 Security Microsoft.

Winter 2006Prof. R. Aviv: Kerberos1 Kerberos Authentication Systems.

COEN 350 Kerberos. Provide authentication for a user that works on a workstation. Uses secret key technology Because public key technology still had patent.

1 Lecture 12: Kerberos terms and configuration phases –logging to network –accessing remote server replicated KDC multiple realms message privacy and integrity.

WSV320. Welcome to Atlanta, all y’all Gotta visit the Cyclorama Visit the WHAT??? This should be a 4 hour presentation… Buckle your seat belts! We talk.

 Authorization via symmetric crypto  Key exchange o Using asymmetric crypto o Using symmetric crypto with KDC  KDC shares a key with every participant.

Kerberos Authentication for Multi-organization Cross-Realm Kerberos Authentication User sent request to local Authentication Server Local AS shares cross-realm.

ACCESS CONTROL MANAGEMENT Project Progress (as of March 3) By: Poonam Gupta Sowmya Sugumaran.

SMUCSE 5349/73491 Authentication Protocols. SMUCSE 5349/73492 The Premise How do we use perfect cryptographic mechanisms (signatures, public-key and symmetric.

Kerberos Authenticating Over an Insecure Network.

Kerberos Network Authentication Protocol A Team 1 Presentation: Les Beckford Joe DeCicco Vera Rhoads Than Lam Steve Parshley DCS835 June 24, 2000.

1 Carnegie Mellon University CERT Coordination Center MidTerm Question 5 –Given the following security architecture, specify ways that the use of firewalls.

KerberSim CMPT 495 Fall 2004 Jerry Frederick. Project Goals Become familiar with Kerberos flow Create a simple Kerberos simulation.

Topic 11: Key Distribution and Agreement 1 Information Security CS 526 Topic 11: Key Distribution & Agreement, Secure Communication.

Kerberos Presented By: Pratima Vijayakumar Rafi Qureshi Vinay Gaonkar CS 616 Course Instructor: Dr. Charles Tappert.

Kerberos Underworld Ondrej Sevecek | MCM: Directory | MVP: Security |

Introduction to Kerberos Kerberos and Domain Authentication.

Internet Security 1 (IntSi1)

Slide Master Layout Useful for revisions and projector test  First-level bullet  Second levels  Third level  Fourth level  Fifth level  Drop body.

Computer Networks NYUS FCSIT Spring 2008 Milos STOLIC, Bs.C. Teaching Assistant

Network Security. An Introduction to Cryptography The encryption model (for a symmetric-key cipher).

Introduction to SQL 2005 Security Nick Ward SQL Server Specialist Nick Ward SQL Server Specialist

Information Security Depart. of Computer Science and Engineering 刘胜利 ( Liu Shengli) Tel:

SSL/TLS after DigiNotar and BEAST

RPC Over HTTPS - Mailbox Access Note – OS & Outlook (2007/2010) should be fully patched with latest service pack and patches.

Netprog: Kerberos1 KERBEROS. Contents: Introduction History Components Authentication Process Strengths Weaknesses and Solutions Applications References.

Authentication Applications Unit 6. Kerberos In Greek and Roman mythology, is a multi-headed (usually three-headed) dog, or "hellhound” with a serpent's.

Ing. Ondřej Ševeček | GOPAS a.s. | MCM: Directory Services | MVP: Enterprise Security | | |

Kerberos Named after a mythological three-headed dog that guards the underworld of Hades, Kerberos is a network authentication protocol that was designed.

Key Management and Identity CS461/ECE422 Spring 2012.

ACCESS CONTROL MANAGEMENT Project Progress (as of March 3) By: Poonam Gupta Sowmya Sugumaran.

Kerberos. What is Kerberos? Network authentication protocol Developed at MIT in the mid 1980s Available as open source or in supported commercial software.

Lecture 13 Page 1 Advanced Network Security Authentication and Authorization in Local Networks Advanced Network Security Peter Reiher August, 2014.

Cerberus (from Kerberos, demon of the pit): Monstrous three-headed dog (sometimes said to have fifty or one- hundred heads), (sometimes) with a snake for.

Kerberos By Robert Smithers. History of Kerberos Kerberos was created at MIT, and was named after the 3 headed guard dog of Hades in Greek mythology Cerberus.

Topic 14: Secure Communication1 Information Security CS 526 Topic 14: Key Distribution & Agreement, Secure Communication.

1 Kerberos n Part of project Athena (MIT). n Trusted 3rd party authentication scheme. n Assumes that hosts are not trustworthy. n Requires that each client.

Kerberos in an ISP environment

CPS Computer Security Tutorial on Creating Certificates SSH Kerberos CPS 290Page 1.

Introduction to Microsoft Windows 2000 Security Microsoft Windows 2000 Security Services Overview Security subsystem components Local security authority.

KERBEROS SYSTEM Kumar Madugula.

Key Management and Distribution Anand Seetharam CST 312.

Doc.: IEEE /419 Submission November 2000 David Halasz et alSlide 1 TGe Security Baseline David Halasz, Stuart Norman, Glen Zorn Cisco Systems,

Active Directory and NT Kerberos. Introduction to NT Kerberos v5 What is NT Kerberos? How is it different from NTLM NT Kerberos vs MIT Kerberos Delegation.

Security. Cryptography (1) Intruders and eavesdroppers in communication.

C Copyright © 2007, Oracle. All rights reserved. Security New Features.

Kerberos Miha Pihler MVP – Enterprise Security Microsoft Certified Master | Exchange 2010.

Dr. Nermi hamza.  A user may gain access to a particular workstation and pretend to be another user operating from that workstation.  A user may eavesdrop.

By Alva `Skip` DUCKWALL & Benjamin DELPY Abusing Microsoft Kerberos sorry you guys don’t get it.

Mimikatz 2.0 Benjamin DELPY `gentilkiwi`. Our little story `whoami`, why am I doing this? mimikatz 2.0 & sekurlsa Focus on Windows 8.1 et 2012r2 Kerberos.

Distributed Authentication in Kerberos Using Public Key Cryptography

Benjamin DELPY `gentilkiwi`

. - t !!l t. - 1f1f J - /\/\ - ' I __.

.. '.. ' 'i.., \. J'.....,....., ,., ,,.. '"'". ' · · f.. -··-·· '.,.. \...,., '.··.. ! f.f.

Kerberos Kerberos Ticket.

+ Attach service request

doc.: IEEE <doc#>

Presentation transcript:

OWASP IL, June 2015

waza 1234/ des_cbc_md5 f8fd987fa LSASS (kerberos) rc4_hmac_nt (NTLM/md4) cc36cf7a e fccd b1a aes128_hmac 8451bb37aa6d7ce3 d2a5c2d24d317af3 aes256_hmac 1a7ddce ae1 f498ff41614cc7800 1cbf6e cce2 566ce74a7f25b KDC TGT TGS ① AS-REQ ② AS-REP ③ TGS-REQ (Server) ④ TGS-REP ⑤ Usage User Server

KDC waza 1234/ User1 des_cbc_md5 f8fd987fa LSASS (kerberos) rc4_hmac_nt (NTLM/md4) cc36cf7a e fccd b1a aes128_hmac 8451bb37aa6d7ce3 d2a5c2d24d317af3 aes256_hmac 1a7ddce ae1 f498ff41614cc7800 1cbf6e cce2 566ce74a7f25b user rc4_hmac _nt aes256_ hmac Joe21321…543.. user1 cc36cf7a … 1a7ddc … Doe ① AS-REQ Name: user1 Etype: DES, RC4, AES128, AES256 ③ AS-REQ PA-ENC-TS Etype:AES TGT ② KERB-ERR Pre-auth-REQ Etype: RC4,AES Salt:user1 ④ AS-REP TGT+Enc Etype: AES

KDC

Check if newer keys exists Locate newer keys Patch newer keys Acess lsass.exe memory

Locate functions (to re-route) Inject patched functions Re-route Init function Re-route Decrypt function

KDC User1 des_cbc_md5 LSASS (kerberos) rc4_hmac_nt (NTLM/md4) aes128_hmac aes256_hmac user rc4_hmac _nt aes256_ hmac Joe21321…543.. user1 cc36cf7a … 1a7ddc … ① AS-REQ Name: user1 Etype: DES, RC4, AES128, AES256 ③ AS-REQ PA-ENC-TS Etype: RC4 TGT ② KERB-ERR Pre-auth-REQ Etype: RC4,AES Salt:user1 ④ AS-REP TGT+Enc Etype: RC4 ff Skeleton ff687678…

Automatically… Learn entities and their context Profile entity activities and behaviors Build the entities interaction graph Identify suspicious activities Connect suspicious activities into an Attack Timeline™ How Microsoft ATA works