Kerberos and Public Key Cryptography
OZ
NTLM
NTLM - Basics
Windows New Technology LAN Manager (NTLM) is an authentication security protocol that was created to protect the integrity and confidentiality of users' activity.
NTLM is a single sign-on (SSO) tool that relies on a challenge-response protocol to confirm the user without requiring them to submit a password.
[Diagram: NTLM challenge-response between Client, Application Server and DC. Step shown: Client passes plaintext username to server.]
NTLM - Recent Pass The Hash Attack
This attack allows an attacker to authenticate to a system by using the hash of a user's password, rather than the actual password.
Brute-Force Attack
Dictionary Attack
MITM Attack
Strong Passwords
Password Manager
Implement Access Control Policy
Separation Of Duties
Least Privilege
Update Software
Kerberos - How does it work
Kerberos uses a two-part process that leverages a ticket granting service or key distribution center.
[Diagram: Kerberos flow. 3. TGT, Ticket Granting Service (TGS); 4. Client-to-Server Ticket; 5. Client to Server/Resource; 6. Allow Access.]
Kerberos - Vulnerabilities
Replay attacks
Kerberos - Kerberoasting
Adversaries may abuse a valid Kerberos ticket-granting ticket (TGT) or sniff network traffic to obtain a ticket-granting service (TGS) ticket that may be vulnerable to brute-force and other password attacks.
Kerberos - Silver and Golden Ticket
Golden Ticket attack: A golden ticket is a Kerberos ticket that has been forged to allow the attacker to impersonate any user on the network. Golden tickets can be used to perform a variety of attacks, such as accessing sensitive data or taking control of systems.
Silver Ticket attack: A silver ticket is a Kerberos ticket that has been forged to allow the attacker to impersonate a service on the network. Silver tickets can be used to perform a variety of attacks, such as bypassing security restrictions or disabling services.
Kerberos - Pass The Ticket
A pass-the-ticket attack is an attack that allows an attacker to use a valid Kerberos ticket that they have obtained from another user to authenticate to a service. Pass-the-ticket attacks can be used to gain access to resources that the attacker would not otherwise be able to access.
Kerberos - Other Attacks
The other key, known as the private key, is used to decrypt data that was encrypted with the public key.
A person cannot guess the private key based on knowing the public key
In order to send a message, we need to encrypt it using the other entity’s public key
After obtaining the public keys, each entity can compute a shared symmetric key offline.
The symmetr
Public Key Cryptography - TLS
3. Authenticate the identity of the server via the server's public key and the SSL certificate authority's digital signature
4. Generate session keys in order to use symmetric encryption after the handshake is complete
Public Key Cryptography - Certificate Based Authentication
For certificate-based authentication to work properly, the user must have a private key with information that corresponds to the public key in a certificate.
Questions?
Thank You