by Tal Be'ery & Michael Cherny
Being the default authentication protocol for Windows-based networks, the Kerberos protocol is a prime target for attackers, especially for APTs attackers, seeking to steal the user's identity and steal secrets from the enterprise's data center.
In late 2014 and early 2015, we saw a lot of research on the attacker side, yielding the Golden Ticket, Forged PAC (MS14-068) and the Skeleton Key attacks. Now it is the time to present the defensive side research. We will expose a novel method of detecting and defeating ALL of these attacks (and others) based solely on network monitoring. We continue to show a novel variant of the Golden Ticket attack, the "Diamond PAC" attack, that is able to evade a naïve network monitoring detection and provide a detection solution for it. The talk includes the release of the "Kerberos Leash" tool - a free tool we developed that implements some of the detection techniques for the benefit of the security community.
Being the default authentication protocol for Windows-based networks, the Kerberos protocol is a prime target for attackers, especially for APTs attackers, seeking to steal the user's identity and steal secrets from the enterprise's data center.
In late 2014 and early 2015, we saw a lot of research on the attacker side, yielding the Golden Ticket, Forged PAC (MS14-068) and the Skeleton Key attacks. Now it is the time to present the defensive side research. We will expose a novel method of detecting and defeating ALL of these attacks (and others) based solely on network monitoring. We continue to show a novel variant of the Golden Ticket attack, the "Diamond PAC" attack, that is able to evade a naïve network monitoring detection and provide a detection solution for it. The talk includes the release of the "Kerberos Leash" tool - a free tool we developed that implements some of the detection techniques for the benefit of the security community.
Watching The Watchdog: Protecting Kerberos Authentication With Network Monitoring blackhat 2015 | |
6 Likes | 6 Dislikes |
2,366 views views | 117K followers |
People & Blogs | Upload TimePublished on 5 Mar 2016 |
Không có nhận xét nào:
Đăng nhận xét