Where 2 Worlds Collide: Bringing Mimikatz et al to UNIX

Conference:  BlackHat EU 2018



The presentation discusses the vulnerabilities of Active Directory on UNIX systems and the importance of acknowledging peers and vendors who have helped in the research.
  • Active Directory on UNIX is vulnerable to password attacks and trust relationship exploitation
  • Vendors and peers have been helpful in the research process
  • Acknowledging peers and vendors is important
The speaker mentions how vendors have been responsive and helpful in providing internal source code to aid in attacking vulnerabilities. They also mention the importance of acknowledging peers who have helped along the way.


Over the past fifteen years there's been an uptick in "interesting" UNIX infrastructures being integrated into customers' existing AD forests. Whilst the threat models enabled by this should be quite familiar to anyone securing a heterogeneous Windows network, they may not be as well understood by a typical UNIX admin who does not have a strong background in Windows and AD. Over the last few months I've spent some time looking a number of specific AD integration solutions (both open and closed source) for UNIX systems and documenting some of the tools, tactics and procedures that enable attacks on the forest to be staged from UNIX.