Return From The Underworld - The Future Of Red Team Kerberos

Explore the intricacies of Kerberos authentication and its future in red team operations through this comprehensive conference talk from Derbycon 7. Delve into the fundamentals of Kerberos, including its inner workings and analysis using Wireshark. Examine Service Principle Names (SPNs) and their creation process. Investigate known plaintext attacks, Kerberos keys, and the importance of DC keys. Learn about the transition from RC4 to AES encryption and its impact on cracking speeds. Discover techniques for Kerberos ticket analysis, including the use of PowerShell and LDAP attributes. Gain insights into the evolution of Kerberos attacks with tools like Invoke-Kerberos. Conclude with a discussion on the future of Kerberos and its implications for red team operations.

Introduction
How Kerberos works
Kerberos with Wireshark
Service Principle Names
How are SPMS created
How does Kerberos work
Impact
PowerShell Wireshark
Why cant we just use Wireshark
What is known plaintext attack
Kerberos keys
Preshared keys
Generating keys
String to key
PBK function
Why DC keys
Generating DC keys
Relative cracking speeds
Moving from RC4 to 8
Moving away from RC4
Kerberos Ticket Analysis
Kerberos Account Tab
LDAP Attribute
PowerShell
AES Kerberos
AES Cracking Speed
Invoke Kerberos 2
Invoke Kerberos 3
The Future Of Kerberos
Conclusion