Protecting Active Directory from Kerberoasting

Active Directory (AD) remains a crucial backbone for enterprise IT environments, centralizing authentication and authorization for users and computers. However, Active Directory’s importance—coupled with its age and the technical debt...

Extracting Kerberos Credentials from PCAP

NetworkMiner is one of the best tools around for extracting credentials, such as usernames and passwords, from PCAP files. The credential extraction feature is primarily designed for defenders, in order to analyze ...

NetworkMiner 2.5 Released

I am happy to announce the release of NetworkMiner 2.5 today! This new version includes new features like JA3 and parsers for the HTTP/2 and DoH protocols. We have also added support ...

10 Things You Need to Know About Kerberos

As our research team continues to find vulnerabilities in Microsoft that bypass all major NTLM protection mechanisms, we start to wonder about the successor protocol that replaced NTLM in Windows versions above ...

NetworkMiner 2.4 Released

We are proud to announce the release of NetworkMiner 2.4 today! The new version comes with several improvements, such as username extraction from Kerberos traffic, better OS fingerprinting and even better Linux ...

The Security Risks of NTLM: Proceed with Caution

Active Directory, KERBEROS, NTLM, risk
NTLM (NT LAN Manager) is Microsoft's old authentication protocol that was replaced with Kerberos starting Windows 2000. It was designed and implemented by Microsoft engineers for the purpose of authenticating accounts between ...

From Public Key to Exploitation: How We Exploited the Authentication in MS-RDP

In March Patch Tuesday, Microsoft released a patch for CVE-2018-0886, a critical vulnerability that was discovered by Preempt. This vulnerability can be classified as a logical remote code execution (RCE) vulnerability. It ...

Security Advisory: Critical Vulnerability in CredSSP Allows Remote Code Execution on Servers Through MS-RDP (Video)

In March Patch Tuesday, Microsoft released a patch for CVE-2018-0886, a vulnerability discovered by Preempt researchers. The vulnerability consists of a logical flaw in Credential Security Support Provider protocol (CredSSP) which is ...

Quick note on troubleshooting password based Kerberos authentication on a Palo Alto Networks firewall

While endeavoring to test a Kerberos-based authentication profile on a client's Palo Alto Networks I ran into a couple of error messages that need a little clarification. To test the authentication I ...