SharkFest'24 EU

Kerberos Deep Dive
11-06, 15:45–17:15 (Europe/Vienna), Palais Sachsen Coburg I-III

Kerberos is the bread-and-butter protocol used for authentication and authorization in a Windows domain.
Like many Windows components, it works fine in the default configuration and offers several options to strengthen its security. These include searching for old encryption algorithms and introducing Kerberos Armoring, a.k.a. Kerberos FAST.
This hands-on workshop will take you into the inner workings of Kerberos. We will use Wireshark to identify faulty configurations and misleading messages in event logs, and to decrypt whatever Windows wants to hide from plain view.
Trace files included: Bring your own laptop!


After a quick introduction to standard Kerberos operations, we will examine advanced features. This workshop will teach you:
* How to configure Wireshark for a speedy analysis of Kerberos packets
* How to identify hosts and accounts that use old encryption protocols
* Why you should use Kerberos Armoring and how to prepare your systems
* How Kerberos encrypts messages and how to decrypt them with Wireshark

Feel free to bring your laptop and click along during the workshop.
Trace files are ready for download at https://sharkfest.packet-foo.com/kerberos-deep-dive.zip

A Python interpreter is recommended, but not required.

For over 20 years, Eddi has been looking at network protocols to find (or rule out) network problems, vulnerabilities, ongoing hacking attacks or just for fun.

Working for the Swiss train company BLS as an IT security analyst, he reviews the configuration of a multitude of systems to improve the overall security of the domain. Wireshark is one of the tools he uses to verify the outcome of a configuration change.

Shameless promotion: Visit https://www.bls.ch/en/freizeit-und-ferien/ausflug to find some of the best destinations in Switzerland.
