Is This My Domain Controller? A New Class of Active Directory Protocol Injection Attacks

Is This My Domain Controller? A New Class of Active Directory Protocol Injection Attacks

Black Hat via YouTube Direct link

What we need for the attack

11 of 17

11 of 17

What we need for the attack

Class Central Classrooms beta

YouTube videos curated by Class Central.

Classroom Contents

Is This My Domain Controller? A New Class of Active Directory Protocol Injection Attacks

Automatically move to the next video in the Classroom when playback concludes

  1. 1 Intro
  2. 2 Today's Talk
  3. 3 The Plan
  4. 4 NTLM Basics
  5. 5 NTLM Injection Vs NTLM Relay
  6. 6 NTLM Injection Example - GPO Update
  7. 7 New Attack Case - Azure AD Connect
  8. 8 NTLM Injection Against AD Connect
  9. 9 Microsoft Response
  10. 10 KDC Spoofing Protection
  11. 11 What we need for the attack
  12. 12 VMWare Center
  13. 13 Attack Scenario
  14. 14 Kerberos Injection - How to Mitigate?
  15. 15 Responsible Disclosure
  16. 16 Closing Remarks
  17. 17 Tips for Defenders

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Someone learning on their laptop while sitting on the floor.