Figure 1. MSRC response

AD Security Research: Breaking Trust Transitivity

While playing with Kerberos tickets, I discovered an issue that allowed me to authenticate to other domains within an Active Directory (AD) forest across external non-transitive trusts. This means that there is in fact no such thing as a “non-transitive trust.” The term is at best misleading and offers systems ...
The post AD Security Research: Breaking Trust Transitivity appeared first on Semperis.
Figure 1. Response email from Microsoft noting that the behavior is considered to be by design

New Attack Paths? AS Requested Service Tickets

While helping Andrew Schwartz with his Kerberos FAST post (which has more information about what FAST is and how it works, so have a read), I noticed something interesting. AS-REQs for machine accounts are unarmored. This is described by Microsoft here: Kerberos armoring uses a ticket-granting ticket (TGT) for the ...
Watching The Watchdog: Protecting Kerberos Authentication With Network Monitoring

A Diamond (Ticket) in the Ruff

[Editor’s note: This blog was co-authored by Andrew Schwartz at TrustedSec.] One day, while browsing YouTube, we came across a Black Hat 2015 presentation by Tal Be’ery and Michael Cherny. In their talk and subsequent brief, Watching the Watchdog: Protecting Kerberos Authentication with Network Monitoring, Be’ery and Cherny outlined something ...