DEF CON 27 Conference new videos - Post interesting videos below
submitted 4 years ago by zyxzevn from (youtube.com)
view the rest of the comments →
[–]zyxzevn[S] 1 insightful - 1 fun1 insightful - 0 fun2 insightful - 0 fun2 insightful - 1 fun - 4 years ago (0 children)
Relaying Credentials Has Never Been Easier
Active Directory has always been a popular target for attackers, with a constant rise in attack tools attempting to compromise and abuse the main secrets storage of the organization. One of the weakest spots in Active Directory environments lies in the design of one of the oldest authentication protocols – NTLM, which is a constant source of newly discovered vulnerabilities. From CVE-2015-0005, to the recent LDAPS Relay vulnerability, it is clear why this protocol is one of the attackers’ favorites. Although there are offered mitigations such as server signing, protecting the entire domain from NTLM relay is virtually impossible. If it weren’t bad enough already, we will present several new ways to abuse this infamous authentication protocol, including a new critical zero-day vulnerability we have discovered which enables to perform NTLM Relay and take over any machine in the domain, even with the strictest security configuration, while bypassing all of today's offered mitigations. Furthermore, we will present why the risks of this protocol are not limited to the boundaries of the on-premises environment and show another vulnerability which allows to bypass various AD-FS restrictions in order to take over cloud resources as well.
Active Directory has always been a popular target for attackers, with a constant rise in attack tools attempting to compromise and abuse the main secrets storage of the organization. One of the weakest spots in Active Directory environments lies in the design of one of the oldest authentication protocols – NTLM, which is a constant source of newly discovered vulnerabilities. From CVE-2015-0005, to the recent LDAPS Relay vulnerability, it is clear why this protocol is one of the attackers’ favorites.
Although there are offered mitigations such as server signing, protecting the entire domain from NTLM relay is virtually impossible. If it weren’t bad enough already, we will present several new ways to abuse this infamous authentication protocol, including a new critical zero-day vulnerability we have discovered which enables to perform NTLM Relay and take over any machine in the domain, even with the strictest security configuration, while bypassing all of today's offered mitigations. Furthermore, we will present why the risks of this protocol are not limited to the boundaries of the on-premises environment and show another vulnerability which allows to bypass various AD-FS restrictions in order to take over cloud resources as well.
use the following search parameters to narrow your results:
e.g. sub:pics site:imgur.com dog
sub:pics site:imgur.com dog
advanced search: by author, sub...
~0 users here now
Discussions of hacks. How to hack. How to protect. False flags, hoaxes (like wikileaks). Stay legal.
view the rest of the comments →
[–]zyxzevn[S] 1 insightful - 1 fun1 insightful - 0 fun2 insightful - 0 fun2 insightful - 1 fun - (0 children)