2021-10-15, 14:40–15:20, Main room
Active Directory Domain Services offer a wide attack surface featuring protocols, services, permissions, policies, and many more components. This talk will focus on one of my favorite attack scenarios based on exploiting ACEs and Kerberos delegations. A 5 minutes scenario leading to full takeover, requiring no user-interaction.
The following topics will be covered, some of the basis allowing the average human to understand most of the talk
- Active Directory 101 services, protocols and attack surface
- ACLs 101 how those permissions help both admins and attackers
- NTLM vs. Kerberos 101 covering the basis on those authentication protocols
- Kerberos deep-dive let's talk about delegations
- Attack path ACE abuse to RBCD attack
- Tooling overview let's talk about Impacket
- Demos ? this will depend on the demo-gods mood at that time, we know them to be a bit lunatic sometimes