Video of my Kawaiicon talk: The "Dollar Ticket Attack" on AD and Linux Kerberos clients
Andrew Bartlett
abartlet at samba.org
Sun Jul 10 21:22:04 EDT 2022
On Sat, 2022-07-09 at 18:46 +1200, Andrew Bartlett via krbdev wrote:
> I was going to wait until a per-talk video was hosted by the organisers
> of the conference, but in the meantime this link into the live stream
> works.
>
> I'm sharing this as I wanted to share the video as folks have been
> interested.
>
> https://youtu.be/4hBLf2vQc8k?t=30560
>
> It would be great if the linux side could become harder to exploit at
> some point, I have some suggestions at the end of the talk, and Sumit
> has had some suggestions around disabling an 'a2ln' plugin.
>
> It would be good if someone could write up some good guidance for users
> on how best to defend against it on the Linux side, both with a 'simple
> keytab on server', or 'samba publishing keytab' or other similar
> configurations.
>
> I also tell the tale of how I broke into Windows AD last November,
> similar to but more punchy than SambaXP talk, which I think was pretty
> cool.
>
> Anyway, enjoy and be worried!
I've started to put together a wiki page mostly with links. It is
probably still at the stage of being confusing even to this audience
(and is totally missing a 'how do I protect myself' section), but
perhaps someone can help fill that out.
In the meantime at least it links some of the various documents, talks,
exploit steps etc:
https://wiki.samba.org/index.php/Security/Dollar_Ticket_Attack
I would appreciate it being extended. (Please don't be put off by
needing to get an account, it just a spam prevention barrier).
Andrew Bartlett
--
Andrew Bartlett (he/him) https://samba.org/~abartlet/
Samba Team Member (since 2001) https://samba.org
Samba Developer, Catalyst IT https://catalyst.net.nz/services/samba
More information about the krbdev
mailing list