Explore security vulnerabilities in mixed Kerberos environments through this DEF CON 31 conference talk that examines the problematic relationship between Windows Active Directory and MIT/Heimdal Kerberos stacks. Learn how differences in user identification methods between Microsoft's implementation and Linux/Unix systems can be exploited for privilege escalation attacks. Discover practical demonstrations of these security weaknesses, including how Active Directory configuration flaws can be leveraged to compromise Linux-based hosts within the same realm. Get introduced to new attack techniques using an updated version of the Rubeus tool, designed specifically to exploit these cross-platform authentication vulnerabilities.
Abusing Mixed Vendor Kerberos Stacks - Exploiting Windows AD and Linux Authentication
Overview
Syllabus
DEF CON 31 - A Broken Marriage Abusing Mixed Vendor Kerberos Stacks - Ceri Coburn
Taught by
DEFCONConference
Related Courses
-
Complete Ethical Hacking Course | Bug Bounty
-
Abusing Windows Filtering Platform for Privilege Escalation - Undetected Attack Techniques
-
Breaking Microsoft Teams and SharePoint Through Migration APIs
-
Winning the Game of Active Directory - Securing Against Common Attack Strategies
-
Spooky Authentication at a Distance - Post-exploitation Techniques for Windows Environments
