Controlling and monitoring Access Flashcards

1
Q

Kerberos Definition

A

Authentication system that uses ticketing.

Uses symmetric key encryption for confidentiality and integrity of communications.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

Kerberos System Components

A

Key distribution center (KDC): Trusted third party that provide authentication services. All clients and servers are registered with the KDC

Kerberos Authentication Server: Hosts the KDC services: Ticket Granting Service (TGS) and Authentication Service (AS).

Ticket: Encrypted message that provides proof a subject is authorized to access an object. (AKA Service Ticket)

Ticket Granting Ticket (TGT): Encrypted message providing proof subject has authenticated through the KDC and is authorized to request tickets to access objects. Contains symmetric key, IP address and expiration date.

Kerberos Principle: An entity (typically a user) that can be granted it ticket

Kerberos Realm: A logical area such as domain that is controlled by Kerberos.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

Kerberos Login Process (6 steps)

A
  1. Enter credentials
  2. Client sends encrypted credentials to KDC
  3. KDC verified credentials
  4. KDC creates symmetric key hashed with user’s password. It also creates timestamped encrypted TGT.
  5. KDC sends symmetric key and TGT to client
  6. Client installs TGT until it expires and decrypts using hash of user password.
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

Kerberos Object Access Process

A
  1. Client sends TGT to KDC with request to access a resource
  2. KDC verifies TGT and checks access list to see if subject is authorized to access object
  3. KDC generates service ticket and sends to client
  4. Client sends service ticket to server/service hosting object for access
  5. Server/service verified validity of service ticket with KDC
  6. Once identity and authorization is verified by KDC and service, access is granted to subject.
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

Pass the Hash

A

?

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

Overpass the Hash

A

Attacker requests a TGT with the user’s hash and use this to access network resources. Used when NTLM is disabled on network and Pass the Hash is not available. also called pass the key

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

Pass the Ticket

A

Try to harvest tickets from lsass.exe and then inject them into a user to attempt impersonation.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

Silver Ticket

A

Captures NTLM hash from a service account to create a ticket granting service ticket. Gives hacker same access as service account.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

Golden Ticket

A

Steals hash of the KRBTGT kerberos service account. Can create tickets at will.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

Kerberos Brute-force

A

used to guess usernames and passwords. kerberos reports if they are valid.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

ASREPRoast

A

Identifies users that don’t have kerberos pre-authentication enabled. C

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

ASREPRoast

A

Identifies users that don’t have kerberos pre-authentication enabled.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

Kerberoasating

A

Collects TGTs or TGSs and tries to decrypt them offline.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly