What is Kerberos?
Kerberos is a computer-network authentication protocol that works on the basis of tickets to allow nodes communicating over a non-secure network to prove their identity to one another in a secure manner.
Kerberos vs NTLM
The Kerberos protocol is not a Microsoft invention, but Microsoft integrated its own version of Kerberos in Windows 2000, and it is now replacing NT LAN Manager (NTLM), which was a challenge-response authentication protocol.
Kerberos benefits from stronger encryption, which improves security compared to NTLM.
| Attack | Description | Tools |
|---|---|---|
| Pass-the-ticket | The process of forging a session key and presenting that forgery to the resource as credentials | |
| Pass-the-hash | Authenticating to a remote server or service by using the underlying NTLM or LanMan hash of a user's password, instead of requiring the associated plaintext password as is normally the case | Pass-The-Hash |
| Overpass The Hash/Pass The Key (PTK) | | GetTGT |
| Pass The Ticket (PTT) | | mimikatz, rubeus, impacket |
| Golden Ticket | A ticket that grants a user domain admin access | mimikatz, rubeus, impacket |
| Silver Ticket | A forged ticket that grants access to a service | mimikatz, rubeus, impacket |
| Brute force | Automated continued attempts to guess a password | kerbrute, rubeus |
| Encryption downgrade with Skeleton Key Malware | Malware that can bypass Kerberos, but the attacker must have Admin access | |
| DCShadow attack | A new attack where attackers gain enough access inside a network to set up their own DC to use in further infiltration | |
| ASREPRoast | AS-REP Roasting is an attack against Kerberos for user accounts that do not require preauthentication. | Impacket/GetNPUsers, rubeus |
| Kerberoasting | Kerberoasting is an attack method that allows an attacker to crack the passwords of service accounts in Active Directory offline and without fear of detection. | Impacket/GetUserSPNs, rubeus |