Mimi who?

$ whoami

> cesar.silva

Agenda

Kerberos

Windows Goodies

Magic Tools

Demo 1

Demo 2

Kerberos

Key Distribution Center [KDC]

Tickets

Ticket Granting Ticket [TGT]

Ticket-granting Service [TGS]

RECAP

Windows

Handle to Registry KEYS [HKEYS]

HKEY_LOCAL_MACHINE [HKLM]

HKEY/SAM

HKEY/SECURITY

HKEY/SYSTEM

Mimikatz

LABS

Demo 1

Pass the Hash [PTH]

DC Presentation

Domain Presentation

Victim Presentation

Bait the Admin

Credential Dump

Attacker Presentation

Pass the hash

Enter the DC

Demo 2

Pass the Ticket [PTT]

Propagate the magic

Snag the creds

GET the gold

SAVE the gold

Use the ticket

Questions?

C-Days Mimi who?

By apl3b

C-Days presentation about AD security problems
