Attacking Kerberos Deployments

Black Hat USA 2010

Presented by: Rachel Engel, Brad Hill, Scott Stender
Date: Wednesday July 28, 2010
Time: 10:00 - 11:00
Location: Milano 5+6+7+8
Track: OS Wars

The Kerberos protocol provides single sign-on authentication services for users and machines. Its availability on nearly every popular computing platform - Windows, Mac, and UNIX variants - makes it the primary choice for enterprise authentication.

However, simply "adding a dash of Kerberos" does not magically make a network secure. Kerberos is a complicated protocol whose comprehensive description requires dozens of RFCs. Using it securely requires a careful dance between protocol designers, service developers, and system administrators – the kind of dance that never quite stays in step.

A careful review of RFCs, deployment guidance, and developer reference materials reveals a host of "theoretical" flaws in how Kerberos is used. This presentation will demonstrate new techniques that make the theoretical practical in common Kerberos deployments, and provide guidance to ensure that software and systems are hardened against attack.

Scott Stender

iSEC Partners

Scott Stender is a founding partner of iSEC Partners, a strategic digital security organization. Scott brings with him several years of experience in large-scale software development and security consulting, having worked at companies such as @stake and Microsoft. Scott is a noted researcher who focuses on secure software engineering and security analysis of core technologies. He holds a BS in Computer Engineering from the University of Notre Dame.

Rachel Engel

iSEC Partners

Rachel Engel has been writing networked server applications, protocol-layer code, and scalability systems for eight years and has recently been focusing on penetration testing and computer security analysis. She thinks that computers are wonderful devices for automating labor-intensive processes and that, as such, a great deal more of penetration testing can be automated than is at present. She's doing her best to build the big red button.

Brad Hill

iSEC Partners

Brad Hill is a Principal Consultant and Director of SDL Services at iSEC Partners. Building on a background as a developer and architect in the financial services industry, he has spent much of the last three years assisting clients with the execution and planning of development lifecycle security activities. He also performs penetration testing, serves as an Invited Expert with the W3C XML Security Working Group, and has been a speaker and trainer at numerous conferences.
