YoVDO

Watching the Watchdog - Protecting Kerberos Authentication With Network Monitoring

Offered By: Black Hat via YouTube

Tags

Black Hat Courses Cybersecurity Courses Network Security Courses Malware Analysis Courses Authentication Protocols Courses Network Monitoring Courses

Course Description

Overview

Explore advanced techniques for safeguarding Kerberos authentication through network monitoring in this Black Hat conference talk. Delve into the vulnerabilities of the Kerberos protocol, a prime target for APT attackers in Windows-based networks. Examine recent attacks like Golden Ticket, Forged PAC, and Skeleton Key, and learn novel defensive strategies to detect and counter these threats. Discover the "Diamond PAC" attack variant and its evasion techniques. Gain insights into AES vs. RC4 key derivation, TGT integrity, and PAC (Privilege Attribute Certificate) exploitation. Learn about the free "Kerberos Leash" tool, designed to implement cutting-edge detection techniques for enhanced network security.

Syllabus

Watching the Watchdog Protecting Kerberos
Why do Attackers Target Kerberos?
Kerberos: Stealing
The attack campaign • Attackers installed a malware on DC to authenticate as any user by using a secret password
AES vs. RC4: Key Derivation
Attacker + RC4
The Skeleton Key Malware: Kerberos
Skeleton Key Malware Detection
PAC (Privilege Attribute Certificate)
TGT Integrity
Let's Play Spot the Difference
Golden Ticket in the Wild
Diamond PAC exploit
Questions?


Taught by

Black Hat

Related Courses

An Introduction to Computer Networks
Stanford University via Independent
Computer Networks
University of Washington via Coursera
Computer Networking
Georgia Institute of Technology via Udacity
Cybersecurity and Its Ten Domains
University System of Georgia via Coursera
Model Building and Validation
AT&T via Udacity