Video of my Kawaiicon talk: The "Dollar Ticket Attack" on AD and Linux Kerberos clients

Andrew Bartlett abartlet at samba.org
Sat Jul 9 02:46:31 EDT 2022


I was going to wait until a per-talk video was hosted by the organisers
of the conference, but in the meantime this link into the live stream
works.

I'm sharing this as I wanted to share the video, as folks have been
interested.

https://youtu.be/4hBLf2vQc8k?t=30560

It would be great if the Linux side could become harder to exploit at
some point. I have some suggestions at the end of the talk, and Sumit
has had some suggestions around disabling an 'a2ln' plugin.

It would be good if someone could write up some good guidance for users
on how best to defend against it on the Linux side, both with a 'simple
keytab on server', or 'samba publishing keytab' or other similar
configurations.

I also tell the tale of how I broke into Windows AD last November,
similar to but more punchy than the SambaXP talk, which I think was pretty
cool.

Anyway, enjoy and be worried!

Andrew Bartlett

-- 
Andrew Bartlett (he/him)        https://samba.org/~abartlet/
Samba Team Member (since 2001)  https://samba.org
Samba Developer, Catalyst IT    https://catalyst.net.nz/services/samba

