Liatsis Fotios has a good read on yet another method to retrieve a Kerberos ticket. The difference with this post is that he does it from a Linux machine without joining the host machine to the domain. Based on the reading, it would be proper for security managers to review their controls and find a method to at least gain some insight into this type of attack. My current employer has a NAC from Forescout and we do not run any Linux systems, so it should be simple to flag any non-Windows OS on our network. Those companies with heterogeneous environments might want to review network segmentation and zoning to ensure that each OS's traffic flows only to and from the proper zones.

 

Source:

http://www.liatsisfotis.com/2015/11/knock-and-pass-kerberos-exploitation.html
