Active Directory Trusts

Presentation for an introductory talk on AD trusts. The talk was delivered @Null Bangalore and @OWASP Bangalore chapter on 18th April February 2019.


Active Directory Trusts

  1. ACTIVE DIRECTORY TRUSTS
  2. PS > GET-ADUSER
     • YATIN WADHWA
     • THREAT ANALYST AT OPTIV INC
     • TWITTER : @yatin309
     • LINKEDIN : www.linkedin.com/in/yatin-wadhwa-6214151a4
  3. WHAT ARE TRUSTS ?
     • A trust is a relationship, which you establish between domains, that makes it possible for users in one domain to access shared resources in a different domain.
     • A trust links up the authentication systems of two (or more) domains and allows authentication traffic to flow between them.
  4. TRUST TYPES
     TRUST TYPE       TRANSITIVITY                   DIRECTION
     PARENT - CHILD   TRANSITIVE                     TWO-WAY
     TREE - ROOT      TRANSITIVE                     TWO-WAY
     SHORTCUT         TRANSITIVE                     ONE-WAY OR TWO-WAY
     FOREST           TRANSITIVE                     ONE-WAY OR TWO-WAY
     EXTERNAL         NON-TRANSITIVE                 ONE-WAY OR TWO-WAY
     REALM            TRANSITIVE OR NON-TRANSITIVE   ONE-WAY OR TWO-WAY
  5. TRUST PATH
     https://technet.microsoft.com/en-us/library/cc759554(v=ws.10).aspx
  6. TRUST PATH
     • Enumeration from Domain testlab.local :
     • Enumeration from Domain contoso.local :
  7. Scenario 1, Scenario 2
  8. TRUST COMPONENTS
     • Security Identifiers (SIDs)
     • Access Token and Authentication
     • Security Descriptors and Authorization
     • SID History
     • SID Filtering
  9. AUTHENTICATION MECHANISMS
     • FOREST AUTHENTICATION
     • SELECTIVE AUTHENTICATION
  10. KERBEROS AUTHENTICATION ACROSS TRUSTS
      http://www.harmj0y.net/blog/redteaming/a-guide-to-attacking-domain-trusts/
  11. ABUSE OF TRUSTS
      • Golden Ticket using SID History
        Golden Tickets are forged Ticket Granting Tickets (TGTs), also called authentication tickets. Once the attacker has the KRBTGT password hash, he/she can generate a ticket that can be used on any machine in the domain. Such a ticket is used to get valid TGS tickets from DCs in the AD forest and provides a great method of persisting on a domain with access to everything.
  12. Golden Ticket using SID History
  13. Golden Ticket using SID History
  14. Golden Ticket using SID History
  15. Forging Inter Trust Tickets
      • The well-known remediation for the golden ticket attack is changing the password of the KRBTGT account twice.
      • Even if the KRBTGT account’s password is changed, the inter-realm trust keys aren’t rotated.
      • Tickets forged with the inter-realm trust key can be used to impersonate an Enterprise Admin and regain full domain/forest admin rights.
  16. FOREST TRUSTS
      • According to Microsoft, a forest is a security boundary, as stated in the “What are Domain and Forests” document under the section Forests as Security Boundaries.
      • In 2018, Lee Christensen from SpecterOps discovered a bug which is called the “Printer Bug”.
      • By abusing the MS-RPRN protocol, administrators in one forest can compromise resources in another forest with which it shares a two-way inter-forest trust.
  17. REFERENCES
      1. http://www.harmj0y.net/blog/redteaming/a-guide-to-attacking-domain-trusts/
      2. http://www.harmj0y.net/blog/redteaming/the-trustpocalypse/
      3. https://adsecurity.org/?p=1588
      4. https://adsecurity.org/?p=1640
  18. THANK YOU
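
The trust properties covered in slides 4, 8 and 9 (type, transitivity, direction, SID filtering, selective authentication) are stored as bit flags on each trust's trustedDomain object. The following is an added example, not part of the original deck: it decodes those attributes using the MS-ADTS flag values and reports trusts where SID filtering or selective authentication is off. The sample records, their domain names and the function names are constructed for illustration.

```python
# Added example: decode trustedDomain attributes (flag values from MS-ADTS).
DIRECTION = {0: "disabled", 1: "inbound", 2: "outbound", 3: "two-way"}
NON_TRANSITIVE, QUARANTINED, FOREST_TRANSITIVE = 0x1, 0x4, 0x8
CROSS_ORG, WITHIN_FOREST, TREAT_AS_EXTERNAL = 0x10, 0x20, 0x40
TRUST_TYPE_MIT = 3  # trustType 3 = non-Windows Kerberos realm

# Constructed sample records (hypothetical names), as exported from LDAP.
SAMPLE_TRUSTS = [
    {"name": "child.corp.example", "trustType": 2, "trustDirection": 3,
     "trustAttributes": WITHIN_FOREST},
    {"name": "partnerforest.example", "trustType": 2, "trustDirection": 3,
     "trustAttributes": FOREST_TRANSITIVE | TREAT_AS_EXTERNAL | CROSS_ORG},
    {"name": "legacy.example", "trustType": 2, "trustDirection": 2,
     "trustAttributes": 0},
    {"name": "UNIX.EXAMPLE", "trustType": 3, "trustDirection": 1,
     "trustAttributes": NON_TRANSITIVE},
]


def classify(trust):
    """Map one trustedDomain record to kind, transitivity and findings."""
    attrs = trust["trustAttributes"]
    if trust["trustType"] == TRUST_TYPE_MIT:
        kind = "realm"
    elif attrs & WITHIN_FOREST:
        kind = "intra-forest"  # parent-child, tree-root or shortcut
    elif attrs & FOREST_TRANSITIVE:
        kind = "forest"
    else:
        kind = "external"
    findings = []
    if kind == "intra-forest" and not attrs & QUARANTINED:
        findings.append("no SID filtering: SID history is honoured")
    if kind == "forest" and attrs & TREAT_AS_EXTERNAL:
        findings.append("SID filtering relaxed (TREAT_AS_EXTERNAL)")
    if kind == "external" and not attrs & QUARANTINED:
        findings.append("SID filtering (quarantine) disabled")
    if kind in ("forest", "external") and not attrs & CROSS_ORG:
        findings.append("selective authentication off")
    return {"name": trust["name"], "kind": kind,
            "transitive": kind != "external" and not attrs & NON_TRANSITIVE,
            "direction": DIRECTION[trust["trustDirection"]],
            "findings": findings}


def audit(trusts):
    """Classify every trust record in the list."""
    return [classify(t) for t in trusts]


if __name__ == "__main__":
    for row in audit(SAMPLE_TRUSTS):
        print(row)
```

On a live domain the same three attributes (trustType, trustDirection, trustAttributes) can be read from the trustedDomain objects under the System container and fed to `audit` unchanged.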
