Conference:  Defcon 31
Authors: Ceri Coburn Red Team Operator & Offensive Security Dev @ Pen Test Partners
2023-08-01

The Windows Active Directory authority and the MIT/Heimdal Kerberos stacks found on Linux/Unix-based hosts often coexist in harmony within the same Kerberos realm. This talk and tool demonstration will show how this marriage is a match made in hell. Microsoft's Kerberos stack relies on non-standard data to identify its users. MIT/Heimdal Kerberos stacks do not support this non-standard way of identifying users. We will look at how Active Directory configuration weaknesses can be abused to escalate privileges on *inux-based hosts joined to the same Active Directory authority. This will also introduce an updated version of Rubeus to take advantage of some of these weaknesses.

Authors: Onkar Bhat
2022-05-18

tldr - powered by Generative AI

The tutorial demonstrates how to secure access to a Kubernetes application using Active Directory-based authentication with OpenLDAP, DEX, and OAuth2 Proxy.
  • The tutorial is aimed at users who want to migrate applications to Kubernetes or deploy new applications in Kubernetes and leverage their Active Directory server for authentication.
  • Option one involves rewriting the application to send an LDAP request to the OpenLDAP server, but the tutorial focuses on option three, which does not require rewriting the application.
  • Option three involves deploying OpenLDAP, DEX, and OAuth2 Proxy, and editing the system's hosts file to redirect the browser to the local host address where the servers are listening.
  • OpenLDAP is a directory service developed by Microsoft for Windows domain networks that uses the Lightweight Directory Access Protocol (LDAP).
  • DEX is an identity service that uses OpenID Connect, and OAuth2 Proxy is a reverse proxy for handling OAuth.
  • The tutorial includes step-by-step instructions for deploying OpenLDAP, DEX, and OAuth2 Proxy, and editing the system's hosts file.
  • At the end of the tutorial, the Pac-Man application is installed and access to it is secured by authenticating against the OpenLDAP server running in the Kubernetes cluster.