About Eloy Pérez

This author has not yet filled in any details.
So far Eloy Pérez has created 8 blog entries.

Kerberos (III): How does delegation work?

By |17 Feb. 2020|

Introduction to Kerberos delegation There are several kinds of delegation implemented by using the Kerberos protocol on Windows and Linux servers. Basically, delegation allows a service to impersonate the client user to interact with a second service, with the privileges and permissions of the client itself. The flavors of delegation are the following: Unconstrained delegation Constrained delegation RBCD (Resource Based Constrained Delegation) In this article, we will focus on understand how the different kinds of delegation work, including some special cases. Additionally, some scenarios where it could be possible to take advantage of these mechanisms in order to leverage privilege escalation or set persistence in the domain will be introduced. Before starting with the explanations, I will assume that you ...

Kerberos (II): How to attack Kerberos?

By |4 Jun. 2019|

Introduction to kerberos attacks In this article about Kerberos, a few attacks against the protocol will be shown. In order to refresh the concepts behind the following attacks, it is recommended to check the first part of this series which covers Kerberos theory. The post is divided in one section per attack: Kerberos brute-force ASREPRoast Kerberoasting Pass the key Pass the ticket Silver ticket Golden ticket These attacks are sorted by the privileges needed to perform them, in ascending order. Thus, to perform the first attacks only connectivity with the DC (Domain Controller) is required, which is the KDC (Key Distribution Center) for the AD (Active Directory) network. Whereas, the last attack requires a user being a Domain ...

Kerberos (I): How does Kerberos work? – Theory

By |20 Mar. 2019|

The objective of this series of posts is to clarify how Kerberos works, more than just introduce the attacks. This due to the fact that in many occasions it is not clear why some techniques works or not. Having this knowledge allows to know when to use any of those attacks in a pentest. Therefore, after a long journey of diving into the documentation and several posts about the topic, we've tried to write in this post all the important details which an auditor should know in order to understand how take advantage of Kerberos protocol. In this first post only basic functionality will be discussed. In later posts it will see how perform the attacks and how the ...

Comments Off on Kerberos (I): How does Kerberos work? – Theory

Kerberos tickets: Comprehension and exploitation

By |21 Mar. 2017|

The main aim of this post is explaining the most common attacks that can be carried out in a security audit or pentest of Kerberos protocol used in Microsoft active directory domains for authentication. To this effect, first it is going to be explained how Kerberos works in order to provide access to those network resources; second, how the most famous kerberos attacks work on Kerberos tickets; third, how to carry out a Golden ticket attack using Mimikatz; and finally, possible mitigations against this type of attacks. How Kerberos works in an active directory In an active directory the authentication is done using Kerberos. This is a protocol that works on the basis of tickets which are given to users ...

We are using cookies to give you the best experience on our website. You can find out more about which cookies we are using or switch them off in Cookies Settings

Necessary

Strictly Necessary Cookie should be enabled at all times so that we can save your preferences for cookie settings.

3rd Party Cookies

This website uses Google Analytics to collect anonymous information such as the number of visitors to the site, and the most popular pages. Keeping this cookie enabled helps us to improve our website.

Cookies policy