CYBER JUDO: OFFENSIVE CYBER DEFENSE - Black Hat
Tal Be’ery, Sr. Security Research Manager, Microsoft ATA, @TalBeerySec
Itai Grady, Security Researcher, Microsoft ATA, @ItaiGrady
Intro
https://en.wikipedia.org/wiki/Sun_Tzu#/media/File:Enchoen27n3200.jpg

| | Defenders | Attackers |
|---|---|---|
| Network deployment | Proxy / network monitoring | MITM / eavesdropper |
| Host deployment | Agent (but they prefer to refrain: compatibility, performance) | Malware (but they prefer to refrain: compatibility, performance, detection) |
| Privileges | Least; otherwise part of the problem (see: @taviso) | Least; privileged users are more monitored |
| Integrations | “Living off the land”. Core functionality must be delivered independently; opportunistic integrations | “Living off the land”. Core functionality must be delivered independently; opportunistic abuse of existing non-default capabilities |
| Expertise | OS internals, networking | OS internals, networking |

[Diagram: Kerberos authentication. waza1234/ is shown alongside its LSASS (kerberos) keys: des_cbc_md5, rc4_hmac_nt (NTLM/md4), aes128_hmac and aes256_hmac. Parties: User, DC, Server. Labelled items: TGT, TGS, ③ TGS-REQ (Server), ④ TGS-REP, ⑤ Usage.]
• Authentication
• Authorization
[Diagram: NTLM authentication. waza1234/ is shown alongside its LSASS (NTLM) key: NTLM (rc4_hmac_nt). Parties: User, Server, DC. Labelled messages: ① Negotiate, ② Challenge, ③ Response, ⑥ Auth verified.]
Lateral Movement Reconnaissance
HERE
THERE
HERE THERE
Logged-on User Recon
Computer’s Local Admin Recon
Users + Group Membership Recon
Lateral Movement Reconnaissance: Defense

| Win version | Who can query SAMR by default | Can default be changed |
|---|---|---|
| < Win10 | Any domain user | No |
| Win10 | Any domain user | Yes (only via registry) |
| > Win10 (e.g. anniversary) | Only local administrators | Yes (registry or GPO) |

Cyber Judo with NetSess
• Authentication
• Authorization
[Diagram: NTLM authentication. waza1234/ is shown alongside its LSASS (NTLM) key: NTLM (rc4_hmac_nt). Parties: User, Server, DC. Labelled messages: ① Negotiate, ② Challenge, ③ Response, ⑥ Auth verified.]
Cyber Judo with SAMR
Kerberos Error Message Injection
[Diagram: Kerberos authentication. waza1234/ is shown alongside its LSASS (kerberos) keys: des_cbc_md5, rc4_hmac_nt (NTLM/md4), aes128_hmac and aes256_hmac. Parties: User, DC, Server. Labelled items: TGT, TGS, ③ TGS-REQ (Server), ④ TGS-REP, ⑤ Usage.]
[Diagram: User1 and the KDC. waza1234/ is shown alongside User1's LSASS (kerberos) keys: des_cbc_md5, rc4_hmac_nt (NTLM/md4), aes128_hmac and aes256_hmac. The KDC side shows a table with columns user, rc4_hmac_nt and aes256_hmac and rows for Joe, user1 and Doe. Labelled item: TGT.]
• RC4-HMAC does not have any!
https://commons.wikimedia.org/wiki/File:Jodsalz_mit_Fluor_und_Folsaeure.jpg
[Diagram: User1 and the KDC. waza1234/ is shown alongside User1's LSASS (kerberos) keys: des_cbc_md5, rc4_hmac_nt (NTLM/md4), aes128_hmac and aes256_hmac. The KDC side shows a table with columns user, rc4_hmac_nt and aes256_hmac and rows for Joe, user1 and Doe. Labelled item: TGT.]
Kerberos Error Injection: Defense
Cyber Judo with Kerberos Error Injection
Parting Thoughts