Server Tailgating - A Chosen-Plaintext Attack on RDP

Explore a chosen-plaintext attack exploiting a logical vulnerability in Windows authentication protocols, particularly focusing on Remote Desktop Protocol (RDP). Delve into the intricacies of network security, examining how attackers can move laterally through systems using various protocols such as Kerberos, MSRPC, GSSAPI/SSPI, TLS, and CredSSP. Understand the RDP flow and certificate validation process, and discover the journey that led to identifying this vulnerability. Learn about RSA encryption, the requirements for public keys, and the process of finding a suitable protocol for exploitation. Follow the presenters' attempts to exploit NTLM and Kerberos, leading to a successful attack. Gain insights into the affected systems, patch details, and disclosure timeline. Acquire knowledge about relevant tools and key takeaways to enhance your understanding of this critical security issue in Windows authentication protocols.

Intro
black hat What We Will Show
black hat Attackers Move Laterally...
blackhat Kerberos
black hat MSRPC - Microsoft Remote Procedure Call
black hat GSSAPI / SSPI
black hat TLS (Transport Layer Security)
black hat CredSSP
black hat RDP (Remote Desktop Protocol)
black hat RDP Flow
black hat RDP - Certificate Validation
blackhat Protocols Recap
black hat The Journey
black hat Do You See the issue?
blackhat Vulnerability Flow Chart
black hat RSA Quick Overview
blackhat "Broken" RSA
blackhat Requirement For Public Key
black hat Finding A Suitable Protocol
black hat MSRPC!
blackhat #1 Try - Exploiting NTLM
blackhat #2 Try - Exploiting Kerberos
black hat Exploit Details
black hat Success!
black hat Should I care?
black hat Affected Systems
black hat Patch Details
black hat Disclosure Timeline
black hat Tools
blackhat Key Takeaways