44CON2022 has ended
Back To Schedule
Thursday, September 15 • 10:00am - 11:00am
James Forshaw - Tooling up for Kerberos

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Kerberos is the primary network authentication protocol for on-premise Windows enterprise networks. As it’s so crucial for enterprise security a lot of research has focused on exploiting it for remote access and lateral movement such as the well known Golden/Silver ticket attacks. Comparatively little research has been undertaken on the implications of Kerberos for security on the local machine especially for privilege escalation.

One of the difficulties of dealing with Kerberos to find interesting vulnerabilities is its complex nature. There’s existing tools such as Kekeo and Rubeus but they don’t lend themselves well to playing around with Kerberos artifacts. Therefore I have my own tool set as part of the NtObjectManager PowerShell module which exposes the majority of Kerberos to scripts.

This presentation is an overview of the tooling that I’ve written to play with Kerberos and a deep dive into some bugs that I’ve discovered using them.

avatar for James Forshaw

James Forshaw

James is a security researcher in Google’s Project Zero. He has been involved with computer hardware and software security for over 10 years looking at a range of different platforms and applications. With a great interest in logical vulnerabilities he’s been listed as the #1... Read More →

Thursday September 15, 2022 10:00am - 11:00am BST
*Track 1*