Bristol Meetups

Damage Limitation & Kerberos authentication

Agenda:
• 6:00 pm - Social
• 6:30 pm - OWASP update
• 6:35 pm - Presentation 1: Damage Limitation, Craig Francis
• 7:30 pm - Presentation 2: Deep dive into Kerberos authentication, Sadi Zane @BSI group.

Presentation 1: Damage Limitation

Description: Assuming your website contains a security vulnerability somewhere; maybe it’s XSS, SQL injection, the ability for the attacker to upload malicious content to your images folder, etc. It’s easy to make a mistake, so let’s look at additional layers of defence.

Bio: I've built quite a few websites over the last 20-something years; where I focus on Security, Accessibility, and Performance.

Presentation 2: Deep dive into kerberos authentication, delegations, combining windows NTLM relay to compromise/execute code on joined domain servers

Abstract: Deep dive into Kerberos authentication, delegations, combining windows NTLM relay, capture encrypted machine account credentials relay to domain controller and remote code execution on domain joined servers. The attack demonstrate stealth post exploitation techniques, issue and reuse the machine accounts TGT tickets and impersonate a higher privilege user e.g. administrator Abusing the S4U2SELF and S4U2Proxy Kerberos delegation concept.

Bio: Sadi Zane - Senior Security Consultant @BSI group. OSCP/Infrastructure Check Team Leader - Red Teamer, Penetration Tester. I am passionate about ethical hacking, conduct red team engagements, insider threat simulations attacks helping clients securing their systems from advanced threat actors.