YoVDO

Watching the Watchdog - Protecting Kerberos Authentication With Network Monitoring

Offered By: Black Hat via YouTube

Tags

Black Hat Courses Cybersecurity Courses Network Security Courses Malware Analysis Courses Authentication Protocols Courses Network Monitoring Courses

Course Description

Overview

Explore advanced techniques for safeguarding Kerberos authentication through network monitoring in this Black Hat conference talk. Delve into the vulnerabilities of the Kerberos protocol, a prime target for APT attackers in Windows-based networks. Examine recent attacks like Golden Ticket, Forged PAC, and Skeleton Key, and learn novel defensive strategies to detect and counter these threats. Discover the "Diamond PAC" attack variant and its evasion techniques. Gain insights into AES vs. RC4 key derivation, TGT integrity, and PAC (Privilege Attribute Certificate) exploitation. Learn about the free "Kerberos Leash" tool, designed to implement cutting-edge detection techniques for enhanced network security.

Syllabus

Watching the Watchdog Protecting Kerberos
Why do Attackers Target Kerberos?
Kerberos: Stealing
The attack campaign • Attackers installed a malware on DC to authenticate as any user by using a secret password
AES vs. RC4: Key Derivation
Attacker + RC4
The Skeleton Key Malware: Kerberos
Skeleton Key Malware Detection
PAC (Privilege Attribute Certificate)
TGT Integrity
Let's Play Spot the Difference
Golden Ticket in the Wild
Diamond PAC exploit
Questions?


Taught by

Black Hat

Related Courses

Computer Security
Stanford University via Coursera Cryptography II
Stanford University via Coursera Malicious Software and its Underground Economy: Two Sides to Every Story
University of London International Programmes via Coursera Building an Information Risk Management Toolkit
University of Washington via Coursera Introduction to Cybersecurity
National Cybersecurity Institute at Excelsior College via Canvas Network