all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

Breaking Kerberos' RC4 Cipher and Spoofing Windows PACs

Add to bookmarks
March 31, 2023, 7:30 p.m. | Black Hat

Black Hat www.youtube.com

While the Active Directory implementation of Kerberos prefers to use cryptography based on AES, the deprecated Kerberos encryption type is still supported by default and widely used in practice. The property that RC4 derives its cryptographic keys from a user's NTLM hash is frequently exploited to authenticate without the original password (overpass-the-hash) or to efficiently brute-force service account passwords offline (Kerberoasting).No attacks were yet known that take advantage of the well-known weaknesses in Kerberos' RC4 implementation. Therefore I decided to …

account active directory aes attacks brute-force cipher cryptography default directory encryption exploited flaw hash kerberos keys ntlm password passwords practice rc4 service spoofing well-known windows

Visit resource

More from www.youtube.com / Black Hat

Startup Spotlight Competition at Black Hat 1 week, 3 days ago | www.youtube.com
bhusa blackhat cybersecurity infosec +1
Locknote: Conclusions and Key Takeaways from Day 2 4 weeks, 1 day ago | www.youtube.com
black hat black hat europe board board members +15
Locknote: Conclusions and Key Takeaways from Day 1 4 weeks, 1 day ago | www.youtube.com
black hat black hat europe board board members +16
Keynote: My Lessons from the Uber Case 4 weeks, 1 day ago | www.youtube.com
addition best practices case convicted +16
Keynote: Industrialising Cyber Defence in an Asymmetric World 1 month ago | www.youtube.com
adversaries challenge cyber cyber defence +10
The Black Hat Europe Network Operations Center (NOC) Report 1 month ago | www.youtube.com
back black hat black hat europe center +14
My Invisible Adversary: Burnout 1 month ago | www.youtube.com
adversary attackers attacks burnout +11
The Magnetic Pull of Mutable Protection: Worked Examples in Cryptographic Agility 1 month ago | www.youtube.com
analysis ask bad codeql +10
A World-View of IP Spoofing in L4 Volumetric DoS Attacks - and a Call to … 1 month ago | www.youtube.com
attacks call cloudflare detection +10

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

Corporate Security Specialist - 2nd shift (12pm-8pm)

@ Perrigo Company | Grand Rapids, MI, US, 49503
View on infosec-jobs.com

Lead Engineer, Network Security -Network

@ Singtel | Singapore, Singapore
View on infosec-jobs.com

DevSecOps Engineer

@ Moveworks | Remote, USA
View on infosec-jobs.com

Systems Engineer - Cyber Security

@ Penske | Tampa, FL, United States
View on infosec-jobs.com

(Senior) Security Analyst (m/f/x)

@ REWE International Dienstleistungsgesellschaft m.b.H | Wiener Neudorf, Austria
View on infosec-jobs.com

Tier 3 Analyst- Red Team

@ Resource Management Concepts, Inc. | Quantico, Virginia, United States
View on infosec-jobs.com
View more jobs