network authentication protocol. It is designed to provide strong
authentication for client/server applications by using secret-key
cryptography.” Kerberos builds on symmetric key cryptography and
requires a trusted third party, and optionally may use public-key
cryptography during certain phases of authentication.Kerberos uses
UDP port 88 by default.
Kerberos to handle authentication requests by default. However, if
the domain is compromised, how bad can it really be? With the loss of
the right hash, Kerberos can be completely compromised for years
after the attacker gained access. Yes, it really is that bad.
this presentation Skip Duckwall, @passingthehash on twitter and
Benjamin Delpy, @gentilkiwi on twitter and the author of Mimikatz,
will demonstrate just how thoroughly compromised Kerberos can be
under real world conditions.
Prepare to have all your
assumptions about Kerberos challenged!