Class Central is learner-supported. When you buy through links on our site, we may earn an affiliate commission.

YouTube

Breaking Kerberos' RC4 Cipher and Spoofing Windows PACs

Black Hat via YouTube

Overview

Save Big on Coursera Plus. 7,000+ courses at $160 off. Limited Time Only!
Explore the vulnerabilities in Kerberos' RC4 cipher and learn how to spoof Windows PACs in this 41-minute Black Hat conference talk. Dive into the Active Directory implementation of Kerberos, focusing on the deprecated but still widely used RC4 encryption type. Discover how the speaker identified a flaw in RC4's implementation and the challenges of turning this cryptographic weakness into a practical attack. Examine topics such as overpass-the-hash attacks, Kerberoasting, and the computation of MD5 collisions. Follow the step-by-step process of exploiting the vulnerability, including PAC authorization data manipulation and collision byte storage. Gain insights into the limitations of the exploit and the subsequent patches implemented to address these security concerns.

Syllabus

Introduction
What is Kerberos?
Default supported encryption types
Known weaknesses
Computing MD5 collisions
How to exploit?
A protocol using the broken CHKSUM
PAC authorization data
A small HashClash hack
Step 2: compute collision
Step 3: store collision bytes in scriptPath request PAC again
The problem with MAC-over-MAC
A successful (but limited) exploit
The patches
Black Hat Sound Bytes

Taught by

Black Hat

Reviews

Start your review of Breaking Kerberos' RC4 Cipher and Spoofing Windows PACs

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Someone learning on their laptop while sitting on the floor.