Fun with LDAP and Kerberos - Attacking AD from Non-Windows Machines

Fun with LDAP and Kerberos - Attacking AD from Non-Windows Machines

WEareTROOPERS via YouTube Direct link

Communicating with MS-RPC

10 of 43

10 of 43

Communicating with MS-RPC

Class Central Classrooms beta

YouTube videos curated by Class Central.

Classroom Contents

Fun with LDAP and Kerberos - Attacking AD from Non-Windows Machines

Automatically move to the next video in the Classroom when playback concludes

  1. 1 Introduction
  2. 2 Why this talk?
  3. 3 Takeaways
  4. 4 What is "Active Directory"?
  5. 5 Core AD Technologies
  6. 6 Working with AD Protocols
  7. 7 Find Active Directory through DNS
  8. 8 Domain Meta-Data Through LDAP
  9. 9 MS-RPC Calls
  10. 10 Communicating with MS-RPC
  11. 11 Impacket Binaries
  12. 12 Impacket Static Binaries
  13. 13 Active Directory uses LDAP
  14. 14 What does LDAP in AD look like?
  15. 15 Idapsearch - Computers
  16. 16 Nested Lookups
  17. 17 Nested Domain Admins
  18. 18 Admin-Count
  19. 19 Why do it manually?
  20. 20 LDAP Summary
  21. 21 Kerberos Crash-Course
  22. 22 What does Kerberos look like?
  23. 23 Kerberos and Authorization
  24. 24 Kerberos from Linux
  25. 25 Setting up Kerberos
  26. 26 Using Kerberos with GSSAPI
  27. 27 Viewing Kerberos Tickets
  28. 28 Using Kerberos with Impacket
  29. 29 When NTLM Auth is disabled
  30. 30 Password Spraying with SMB / RPC
  31. 31 Other Password Guessing Techniques
  32. 32 Password Guessing with Kerberos
  33. 33 What about logs?
  34. 34 Kerberos Event Logging
  35. 35 Requesting TGS for SPN
  36. 36 Cracking TGS Resp
  37. 37 Over Pass the Hash - AES
  38. 38 Forging Kerberos Tickets
  39. 39 Golden Ticket Creation
  40. 40 Golden Ticket Usage
  41. 41 Silver Ticket Creation
  42. 42 Silver Ticket Usage
  43. 43 Shoulders of Giants

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Someone learning on their laptop while sitting on the floor.