Dates
Conferences
Tags
Sort by:
Most recent
Conference: Defcon 31
Authors: Ceri Coburn Red Team Operator & Offensive Security Dev @ Pen Test Partners
2023-08-01
The Windows Active Directory authority and the MIT/Heimdal Kerberos stacks found on Linux/Unix based hosts often coexist in harmony within the same Kerberos realm. This talk and tool demonstration will show how this marriage is a match made in hell. Microsoft's Kerberos stack relies on non standard data to identify it's users. MIT/Heimdal Kerberos stacks do not support this non standard way of identifying users. We will look at how Active Directory configuration weaknesses can be abused to escalate privileges on *inux based hosts joined to the same Active Directory authority. This will also introduce an updated version of Rubeus to take advantage of some of these weaknesses.
Conference: KubeCon + CloudNativeCon Europe 2022
Authors: Onkar Bhat
2022-05-18
tldr - powered by Generative AI
The tutorial demonstrates how to secure access to a Kubernetes application using Active Directory-based authentication with OpenLDAP, DEX, and OAuth2 Proxy.
- The tutorial is aimed at users who want to migrate applications to Kubernetes or deploy new applications in Kubernetes and leverage their Active Directory server for authentication.
- Option one involves rewriting the application to send an LDAP request to the OpenLDAP server, but the tutorial focuses on option three, which does not require rewriting the application.
- Option three involves deploying OpenLDAP, DEX, and OAuth2 Proxy, and editing the system's hosts file to redirect the browser to the local host address where the servers are listening.
- OpenLDAP is a directory service developed by Microsoft for Windows domain networks that uses the Lightweight Directory Access Protocol (LDAP).
- DEX is an identity service that uses OpenID Connect, and OAuth2 Proxy is a reverse proxy for handling OAuth.
- The tutorial includes step-by-step instructions for deploying OpenLDAP, DEX, and OAuth2 Proxy, and editing the system's hosts file.
- At the end of the tutorial, the Pac-Man application is installed and access to it is secured by authenticating against the OpenLDAP server running in the Kubernetes cluster.