Exploiting Kerberos RC4 Vulnerabilities to Spoof Windows PACs
Discover how to break Kerberos' RC4 encryption and manipulate Windows Privilege Attribute Certificates (PACs). Learn about the security implications and potential attack methods against Active Directory environments.

Black Hat
6.9K views • Mar 31, 2023

About this video
While the Active Directory implementation of Kerberos prefers to use cryptography based on AES, the deprecated RC4 encryption type is still supported by default and widely used in practice. The property that RC4 derives its cryptographic keys from a user's NTLM hash is frequently exploited to authenticate without the original password (overpass-the-hash) or to efficiently brute-force service account passwords offline (Kerberoasting).

No attacks were yet known that take advantage of the well-known weaknesses in Kerberos' RC4 implementation. Therefore I decided to take a look at this and quickly identified a relatively obvious flaw in the way it was used. However, turning this cryptographic flaw into a practical attack against Kerberos or Active Directory turned out to be far from trivial...
By: Tom Tervoort
Full Abstract and Presentation Materials:
https://www.blackhat.com/eu-22/briefings/schedule/#breaking-kerberos-rc-cipher-and-spoofing-windows-pacs-29181
Duration: 40:59 • Likes: 68