Presentation is loading. Please wait.

Presentation is loading. Please wait.

OWASP IL, June 2015. waza 1234/ des_cbc_md5 f8fd987fa7153185 LSASS (kerberos) rc4_hmac_nt (NTLM/md4) cc36cf7a8514893e fccd332446158b1a.

Published byAmice Potter Modified over 9 years ago

Similar presentations

Presentation on theme: "OWASP IL, June 2015. waza 1234/ des_cbc_md5 f8fd987fa7153185 LSASS (kerberos) rc4_hmac_nt (NTLM/md4) cc36cf7a8514893e fccd332446158b1a."— Presentation transcript:

1 OWASP IL, June 2015

2

3

4

5

6

7

8

9

10

11 waza 1234/ des_cbc_md5 f8fd987fa7153185 LSASS (kerberos) rc4_hmac_nt (NTLM/md4) cc36cf7a8514893e fccd332446158b1a aes128_hmac 8451bb37aa6d7ce3 d2a5c2d24d317af3 aes256_hmac 1a7ddce7264573ae1 f498ff41614cc7800 1cbf6e3142857cce2 566ce74a7f25b KDC TGT TGS ① AS-REQ ② AS-REP ③ TGS-REQ (Server) ④ TGS-REP ⑤ Usage User Server

12

13 KDC waza 1234/ User1 des_cbc_md5 f8fd987fa7153185 LSASS (kerberos) rc4_hmac_nt (NTLM/md4) cc36cf7a8514893e fccd332446158b1a aes128_hmac 8451bb37aa6d7ce3 d2a5c2d24d317af3 aes256_hmac 1a7ddce7264573ae1 f498ff41614cc7800 1cbf6e3142857cce2 566ce74a7f25b user rc4_hmac _nt aes256_ hmac Joe21321…543.. user1 cc36cf7a … 1a7ddc … Doe ① AS-REQ Name: user1 Etype: DES, RC4, AES128, AES256 ③ AS-REQ PA-ENC-TS Etype:AES TGT ② KERB-ERR Pre-auth-REQ Etype: RC4,AES Salt:user1 ④ AS-REP TGT+Enc Etype: AES

14

15

16

17

18 KDC

19

20

21

22 Check if newer keys exists Locate newer keys Patch newer keys Acess lsass.exe memory

23 Locate functions (to re-route) Inject patched functions Re-route Init function Re-route Decrypt function

24 KDC User1 des_cbc_md5 LSASS (kerberos) rc4_hmac_nt (NTLM/md4) aes128_hmac aes256_hmac user rc4_hmac _nt aes256_ hmac Joe21321…543.. user1 cc36cf7a … 1a7ddc … ① AS-REQ Name: user1 Etype: DES, RC4, AES128, AES256 ③ AS-REQ PA-ENC-TS Etype: RC4 TGT ② KERB-ERR Pre-auth-REQ Etype: RC4,AES Salt:user1 ④ AS-REP TGT+Enc Etype: RC4 ff687678.... Skeleton ff687678…

25

26 Automatically… Learn entities and their context Profile entity activities and behaviors Build the entities interaction graph Identify suspicious activities Connect suspicious activities into an Attack Timeline™ How Microsoft ATA works

27

28

29

30

31

32

33

34

35

Download ppt "OWASP IL, June 2015. waza 1234/ des_cbc_md5 f8fd987fa7153185 LSASS (kerberos) rc4_hmac_nt (NTLM/md4) cc36cf7a8514893e fccd332446158b1a."

Similar presentations

Overview Network security involves protecting a host (or a group of hosts) connected to a network Many of the same problems as with stand-alone computer.

Overview Network security involves protecting a host (or a group of hosts) connected to a network Many of the same problems as with stand-alone computer.
CS5204 – Operating Systems 1 A Private Key System KERBEROS.

CS5204 – Operating Systems 1 A Private Key System KERBEROS.
Security Protocols Sathish Vadhiyar Sources / Credits: Kerberos web pages and documents contained / pointed.

Security Protocols Sathish Vadhiyar Sources / Credits: Kerberos web pages and documents contained / pointed.
KERBEROS LtCdr Samit Mehra (05IT 6018).

KERBEROS LtCdr Samit Mehra (05IT 6018).
Windows 2000 Security --Kerberos COSC513 Project Sihua Xu June 13, 2014.

Windows 2000 Security --Kerberos COSC513 Project Sihua Xu June 13, 2014.
KERBEROS www.unix.org.ua/orelly/networking/puis/ch19_06.htm.

KERBEROS
Kerberos Part 2 CNS 4650 Fall 2004 Rev. 2. PARC Once Again Once again XEROX PARC helped develop the basis for wide spread technology Needham-Schroeder.

Kerberos Part 2 CNS 4650 Fall 2004 Rev. 2. PARC Once Again Once again XEROX PARC helped develop the basis for wide spread technology Needham-Schroeder.
Key Management. Shared Key Exchange Problem How do Alice and Bob exchange a shared secret? Offline – Doesnt scale Using public key cryptography (possible)

Key Management. Shared Key Exchange Problem How do Alice and Bob exchange a shared secret? Offline – Doesnt scale Using public key cryptography (possible)
Key distribution and certification In the case of public key encryption model the authenticity of the public key of each partner in the communication must.

Key distribution and certification In the case of public key encryption model the authenticity of the public key of each partner in the communication must.
Attacks on cryptography – Cyphertext, known pltext, chosen pltext, MITM, brute-force Types of ciphers – Mix of substitution and transposition – Monoalphabetic,

Attacks on cryptography – Cyphertext, known pltext, chosen pltext, MITM, brute-force Types of ciphers – Mix of substitution and transposition – Monoalphabetic,
Technical Services & Operations WINDOWS 2008 R2 AD / DC UPGRADE PROJECT.

Technical Services & Operations WINDOWS 2008 R2 AD / DC UPGRADE PROJECT.
Day 4-1-1 anti-virus 3-3-1.anti-virus 1 detecting a malicious file malware, detection, hiding, removing.

Day anti-virus anti-virus 1 detecting a malicious file malware, detection, hiding, removing.
Windows 2000 Kerberos Interoperability Paul Hill Co-Leader, Kerberos Development Team MIT John Brezak Program Manager Windows 2000 Security Microsoft.

Windows 2000 Kerberos Interoperability Paul Hill Co-Leader, Kerberos Development Team MIT John Brezak Program Manager Windows 2000 Security Microsoft.
Winter 2006Prof. R. Aviv: Kerberos1 Kerberos Authentication Systems.

Winter 2006Prof. R. Aviv: Kerberos1 Kerberos Authentication Systems.
COEN 350 Kerberos. Provide authentication for a user that works on a workstation. Uses secret key technology Because public key technology still had patent.

COEN 350 Kerberos. Provide authentication for a user that works on a workstation. Uses secret key technology Because public key technology still had patent.
1 Lecture 12: Kerberos terms and configuration phases –logging to network –accessing remote server replicated KDC multiple realms message privacy and integrity.

1 Lecture 12: Kerberos terms and configuration phases –logging to network –accessing remote server replicated KDC multiple realms message privacy and integrity.
WSV320. Welcome to Atlanta, all y’all Gotta visit the Cyclorama Visit the WHAT??? This should be a 4 hour presentation… Buckle your seat belts! We talk.

WSV320. Welcome to Atlanta, all y’all Gotta visit the Cyclorama Visit the WHAT??? This should be a 4 hour presentation… Buckle your seat belts! We talk.
 Authorization via symmetric crypto  Key exchange o Using asymmetric crypto o Using symmetric crypto with KDC  KDC shares a key with every participant.

 Authorization via symmetric crypto  Key exchange o Using asymmetric crypto o Using symmetric crypto with KDC  KDC shares a key with every participant.
Kerberos Authentication for Multi-organization Cross-Realm Kerberos Authentication User sent request to local Authentication Server Local AS shares cross-realm.

Kerberos Authentication for Multi-organization Cross-Realm Kerberos Authentication User sent request to local Authentication Server Local AS shares cross-realm.
ACCESS CONTROL MANAGEMENT Project Progress (as of March 3) By: Poonam Gupta Sowmya Sugumaran.

ACCESS CONTROL MANAGEMENT Project Progress (as of March 3) By: Poonam Gupta Sowmya Sugumaran.

Similar presentations

Ads by Google