about-me variable
Axon Technologies invites you to their event

NCL 07: Active Directory Security: Attacks and Countermeasures

About this event

In this webinar, we will discuss and demonstrate how to perform a penetration test against an Active Directory (AD) server, in addition to the security measures that you need to implement to secure it from attacks.

Given that an AD Server uses Kerberos protocol for authentication, most of the attacks against AD are attacks against Kerberos. We will explain three common Kerberos Attacks:

  1. Kerberoasting: utilizing a low-privileged account, an attacker can request tickets that include hashes of other users' passwords; the condition is that the user account must have a Service Principal Name (SPN) value. By gaining access to those hashes, an attacker can attempt to crack them offline to get the clear-text passwords.
  2. AS-REP Roasting: the attacker here enumerates user accounts lacking the attribute Kerberos Pre-Authentication Required. The Active Directory will respond with legitimate packets - leaking users' hashes - to any requests on behalf of those users sent by anyone (e.g., an attacker). The attacker then cracks those hashes offline.
  3. Golden Ticket: this attack gives the attacker a full access to the domain, including all users and resources; hence, the name Golden Ticket. To perform this attack, the attacker obtains the hash of the actual Kerberos service itself (a.k.a., krbtgt account).

We will explain how those attacks can be performed step by step, noting the security weaknesses or mis-configurations that lead to such attacks. And finally, we will touch upon the security measures to take to mitigate or limit those attacks.

Hosted by

  • Team member
    T
    Abed Samhuri Cyber Institute Lead @ Axon Technologies

Axon Technologies

Your Cybersecurity Partner

Axon Technologies is a cybersecurity services company focused on protecting organizations of various sizes in this digitally connected world. Our mission is to help organizations predict, prevent, detect, respond to, and recover from cyberattacks.