Explore a 30-minute conference talk from NorthSec that delves into Kerberos extensions within Active Directory, specifically focusing on S4U (Service-for-User) and U2U (User-to-User) mechanisms and their associated attack vectors. Learn about the technical implementation and peculiarities of these protocols, including how they can be exploited and combined in attacks like spn-less-rbcd, unpac-the-hash, and sapphire ticket. Gain deep insights into the sapphire ticket attack, a particularly stealthy variant of the golden ticket attack that poses significant detection challenges. Master the fundamental workings of these protocols to better understand their security implications in Active Directory environments.
Kerberos S4U and U2U Extensions in Active Directory Security
Overview
Syllabus
NSEC2023 - Roses are red, violets are blue, S4U bamboozles me, U2U too
Taught by
NorthSec
Related Courses
-
Red Vs. Blue - Modern Active Directory Attacks, Detection, And Protection
-
Active Directory Attacks Series
-
Evading Microsoft ATA for Active Directory Domination
-
Abusing Mixed Vendor Kerberos Stacks - Exploiting Windows AD and Linux Authentication
-
Winning the Game of Active Directory - Securing Against Common Attack Strategies
-
Windows Hello Abuse: Exploiting Authentication and Security Features
