Kerberos Explained (In 3 Levels Of Detail)

  • Published on 21 Dec 2024

Comments

  • @jeffmutunga3436
    @jeffmutunga3436 2 years ago +11

    I can't believe I am getting this quality content for free from YouTube

  • @rafster15able
    @rafster15able 3 years ago +9

    VB, what you offer is pure quality ... whenever I find it difficult to understand something that is quite technical about Kerberos I return to your videos. You are amazing

  • @anupthakare6679
    @anupthakare6679 4 years ago +13

    Really helped understand the request flow diagram in Kerberos authentication. You have explained the complex looking concepts in a very simplified manner. Kudos! Keep up the great work!

  • @PixelSergey
    @PixelSergey 3 years ago +6

    After a ton of incomprehensible tutorials, this made it click. Thanks!

    • @vbscrub
      @vbscrub 3 years ago +1

      great to hear :) thanks

  • @rlejeune65
    @rlejeune65 2 years ago +6

    Your three-tiered approach proved to be very effective in helping me grasp the info. First time viewing one of your videos. I'm subscribed and think I'll be spending significant time in your presentations. Thanks.

    • @vbscrub
      @vbscrub 2 years ago +1

      Glad to hear that, thanks :)

  • @slythx5231
    @slythx5231 2 years ago +3

    You explained the topics very clearly, not only in this video but in all of your videos. I hope you come back and create more videos again, thank you!

    • @vbscrub
      @vbscrub 2 years ago +1

      thanks, always nice to hear :) not sure if I'll be making more content any time soon as this was only ever a hobby for me. Might do a video explaining that though lol

  • @skeletonscorpion
    @skeletonscorpion 4 years ago +19

    Damn, the Wireshark part was really helpful. I wish I could give more than a like because of the effort you put into this, specifically talking about the script you made for demo purposes. Subbed!

  • @xoreaxeax2885
    @xoreaxeax2885 1 year ago +2

    Thank you for the clear explanation 🙏🙏, one of the best videos on Kerberos authentication and practical demonstration through pcap

  • @TechChefMM
    @TechChefMM 1 year ago +2

    Absolutely FANTASTIC Kerberos explanation, diagrams, AND demo! Kudos to you! I've already watched it twice. MM

    • @vbscrub
      @vbscrub 1 year ago +1

      cheers, glad to hear it helped!

  • @6767kelso
    @6767kelso 1 year ago +3

    Dude thank you so much. I spent hours trying to understand this process. I felt like I had almost all the parts except a couple steps weren't clicking for me. You made those click. Cheers!

  • @abdulaleem1914
    @abdulaleem1914 2 years ago +5

    I have yet to see a better explanation than this! (Although I am not searching for it because there cannot be a better explanation than this). Great Work. God bless you

  • @cybrflash
    @cybrflash 1 year ago +2

    @VbScrub - this is the single BEST in-depth explanation and deep dive into Kerberos I've ever seen, and I've read (and watched) **all of them**. I've read the MIT documentation, the Windows & Microsoft documentation, many other Blogs and Guides and videos, and you have single-handedly outclassed them all.
    Kerberos is an incredibly complex and confusing topic (largely due to the authors of the protocol) that you have broken down and explained step by step of the 5 W's (Where, When, Why, hoW and Who) of modern Kerberos. Thank you so much! Subscribed!

    • @vbscrub
      @vbscrub 1 year ago +1

      thanks for the kind words!

  • @bonesseben5682
    @bonesseben5682 2 years ago +2

    best video on Kerberos stuff that I've found - THX

  • @TheRonTait
    @TheRonTait 3 years ago +2

    Finally a video that has a pcap example along with it. Nicely done mate.

  • @enisibro4449
    @enisibro4449 2 years ago +2

    THANK YOU!
    This is BY FAR the best explanation I've found. It is so good that I'm writing my first comment ever on YT bc it helped me a lot!

    • @vbscrub
      @vbscrub 1 year ago +1

      Glad it helped!

  • @SirAlmightyGamer
    @SirAlmightyGamer 4 years ago +12

    Fantastic video. I watched another intro video a few weeks ago, but that video did not even come close to this level of detail. Your experience in this field shows and I hope you continue to make content. Thank you :)

    • @vbscrub
      @vbscrub 4 years ago +1

      thanks, much appreciated!

    • @dirkterlaeken6087
      @dirkterlaeken6087 2 years ago +1

      Indeed, same for me! Well explained.

  • @anonymousmouse2889
    @anonymousmouse2889 2 years ago +2

    Thank you for the great, in-depth explanation!! I've been struggling with this on the Security + practice exam. Going to get this nailed down today.

  • @viktoriapogorzhelska4463
    @viktoriapogorzhelska4463 2 years ago +2

    Best AD content on YouTube, thank you

  • @damienstevens4678
    @damienstevens4678 3 years ago +9

    Your explanations are phenomenal. Thank you

  • @ttinnes
    @ttinnes 2 years ago +2

    Wow! This made such a difference in my understanding of Kerberos. Thank you so much for all your effort.

  • @CaedenV
    @CaedenV 2 years ago +1

    So many years using Windows systems, and never needed to know much of anything about Kerberos other than making sure your time is set correctly... Until the Nov 2022 updates when MS broke it all lol. Really shows how robust this whole system is that it has rarely been an issue before when it is tied to literally everything Windows.

  • @ibrahim_akalin
    @ibrahim_akalin 4 years ago +3

    Recently discovered and subbed. Came here only knowing what Kerberos is used and good for, saw the whole video and now I can say I've learned a lot. You are producing some high quality content, thank you very much! I'm glad I discovered your channel and looking forward to new videos!

    • @vbscrub
      @vbscrub 4 years ago +1

      Thanks, glad you learned something from it :)

  • @nishanths6222
    @nishanths6222 2 years ago +1

    I like the way you're teaching... Thanks...

  • @julianjung7739
    @julianjung7739 2 years ago +1

    This was the best explanation I found by far. Thank you.

  • @jamesflorian7380
    @jamesflorian7380 2 years ago +1

    Best explanation on YouTube. Thank you!

  • @cassandrachang1243
    @cassandrachang1243 2 years ago +2

    This is so helpful. Love the way you explained it in layers. Thank you so much.

    • @vbscrub
      @vbscrub 2 years ago +1

      no problem. Glad it helped!

  • @0123bar
    @0123bar 3 years ago +1

    Amazing work, I couldn't fully understand this topic until I came across this!! Wow!!

  • @otvs5838
    @otvs5838 2 years ago +1

    Really awesome the way you have explained! Thank you very much for your time and really appreciated!!

  • @TalsonHacks
    @TalsonHacks 3 years ago +5

    This is really helpful and made so many concepts clearer to me. Thank you so much!

  • @xscorp382
    @xscorp382 2 years ago +2

    Wow that was such an awesome explanation. Thank you so much for putting efforts to create this video, sir! It really helped me a lot.

    • @vbscrub
      @vbscrub 2 years ago +1

      thanks, glad to hear that :)

  • @mohamedtarik8512
    @mohamedtarik8512 2 months ago

    the best Kerberos explanation on the web

  • @finnlestrange5483
    @finnlestrange5483 4 years ago +4

    Nice video and a good explanation, very useful for hackthebox and understanding what the remote machine is doing, keep up the good work dude!

    • @vbscrub
      @vbscrub 4 years ago +1

      Thanks :)

  • @NathanBorowicz
    @NathanBorowicz 1 year ago

    This method of explanation is brilliant, starting simple so you get a chance to understand the principals first then expand on that. All the other videos I've seen just dive in the deep end and it's too confusing.

  • @theimperror
    @theimperror 2 years ago +1

    Best explanation ever!
    Thank you for your work, that was amazing!

  • @jaredmeit6127
    @jaredmeit6127 4 years ago +1

    These videos are invaluable. Thank you so much for making them.

  • @sb77de
    @sb77de 1 year ago +1

    Superb explanation, thanks 🙏

  • @wilfredomendez3450
    @wilfredomendez3450 3 years ago +1

    Awesome, clear, concise and to the point thanks for sharing.

    • @vbscrub
      @vbscrub 3 years ago +2

      thanks :)

  • @shanedetsch
    @shanedetsch 1 year ago

    Thank you, particularly for the packet capture at the end! Can you explain the use of the (kvno); I see it is 2 for the as-rep ticket enc-part and 4 for as-rep enc-part then later on is 6 for the tgs-rep ticket enc-part?

  • @1ajaypaul
    @1ajaypaul 2 years ago +1

    excellent vid. thanks

  • @jattboe8617
    @jattboe8617 2 years ago +1

    Thank you so much for great explanation

  • @JamesBrodski
    @JamesBrodski 4 months ago +1

    Great video! Thank you so much for sharing.

  • @wouterkoorn26
    @wouterkoorn26 4 years ago +1

    Great work dude, I had a lot of problems with Windows htb machine and this underlying knowledge is gonna help me a lot. 0 dislikes for a reason :)

  • @bradleytough
    @bradleytough 3 years ago +1

    This video made me sub. Great material - thanks!

  • @OliverHext
    @OliverHext 1 year ago

    Great video. Can you share the code you used in the demo?

  • @AbB-bg7mv
    @AbB-bg7mv 3 years ago +1

    Nice video, I didn't get the info on where to run the Wireshark (on which host), i.e. client level, KDC level, SQL Server level... Currently I am getting an issue with SAP application with SPNego setup; in the application log it writes err NTLM token received which is not accepted... instead the browser should send the SPNego tkt to the application service.

  • @mallikab8707
    @mallikab8707 3 years ago +1

    Excellent Thank you for your time

  • @hellfire3256
    @hellfire3256 4 years ago +1

    Good explanation. Can you please provide the example .Net-code so we could experiment? Thank you in advance.

  • @AseemMathur-y8m
    @AseemMathur-y8m 1 year ago +1

    26:30 AS-REQ is encrypted with the user's password not krbtgt's.. right?

  • @abelian12
    @abelian12 2 years ago +1

    Thank you for the great✌

  • @Icrashathing
    @Icrashathing 3 years ago +1

    Good job! Thank you for the detailed explanation

    • @vbscrub
      @vbscrub 3 years ago +1

      no problem :)

  • @bidguru94
    @bidguru94 4 years ago +2

    Thanks for your videos! I appreciate it very much man. Learnt a lot from them!

  • @for14556
    @for14556 4 years ago +1

    Very nice - please make more videos for Windows, AD, Windows security - there is enough for Linux outside - but for Windows it is hard to find good quality stuff with good explanation.

    • @vbscrub
      @vbscrub 4 years ago +1

      Thanks. I'll do my best :)

  • @seanlau8069
    @seanlau8069 1 year ago

    In 30:22, TGS-REP part. Isn't the session key sent by TGS supposed to be encrypted with the session key that was previously decrypted with the user password (AS-REP)? Instead of encrypting it with user password again.

  • @robinhood3841
    @robinhood3841 4 years ago +1

    The session key of the TGS is encrypted with the service account password??

  • @ElRammo
    @ElRammo 4 years ago +1

    Really well explained, thanks for your efforts.

  • @razaabbas5668
    @razaabbas5668 3 years ago +1

    Thank you very much sir.

  • @jamesmcintosh9868
    @jamesmcintosh9868 4 years ago +1

    just stumbled across your channel. thanks a stack mate

  • @socat9311
    @socat9311 2 years ago

    Wouldn't public key pair make more sense? i.e. krbtgt holds all the public keys but the private ones are only local
    More complex but can't see how to create large attacks

  • @mrnoobs85
    @mrnoobs85 4 years ago +1

    Thank you for this great video...

  • @SnakePlissken1
    @SnakePlissken1 2 years ago

    Dude where’s that code? I didn’t see you post it? Or where did you get it from?
    33:25 on your video! Can you send me it?

  • @sudharsanthiyagarajan2596
    @sudharsanthiyagarajan2596 3 years ago +1

    Hidden gem 💎

  • @Houston123ABC
    @Houston123ABC 3 years ago +1

    THAT was really good!

  • @sauravsharma8945
    @sauravsharma8945 3 years ago

    Just need a clarification: during TGS-REP Session Key should be encrypted with TGS session key and not the user's password (NTLM hash)? User can use the previously cached TGS session key received during AS-REP to decrypt it?

  • @ustounmotorolla4575
    @ustounmotorolla4575 4 years ago

    Very nice video, may I know what is the exact data encrypted using the session key in tgs-req and ap-req? Thanks

  • @dhirenbhardwaj7584
    @dhirenbhardwaj7584 5 months ago

    One quick question, step 6: SQL server also reads session key, so does that mean SQL server has user J smith account password or NTLM hash of J smith account's password

  • @zazaremote8603
    @zazaremote8603 4 years ago +1

    Thanks a lot for all of your content. Can you do a video where you explain Windows users management and cover the difference between local administrator, domain admin, NT AUTHORITY ... and who is the most powerful account
    Thanks again

  • @arielsimon6438
    @arielsimon6438 4 years ago +1

    Great video! Keep up the good work

  • @0xtz_
    @0xtz_ 4 years ago +2

    awesome 👍 good explanation

  • @rosso6546
    @rosso6546 3 years ago +1

    Wow! well done!

  • @chaitanyakhairnar6352
    @chaitanyakhairnar6352 3 months ago

    Thank you so much for the video! Very well explained subscribed!! :>

  • @coverterror
    @coverterror 4 years ago +1

    Wow those videos are amazing thanks

  • @Aminedemetz
    @Aminedemetz 4 years ago +1

    This is really great, thanks a lot

  • @gp6723
    @gp6723 3 years ago +1

    This is gold

  • @isfk
    @isfk 4 years ago +1

    Very nice!

  • @westernvibes1267
    @westernvibes1267 4 years ago +2

    Awesome video mate! Have you ever thought about making attacks based on AD Trusts or MSSQL Server attacks. Again thanks for the video

    • @vbscrub
      @vbscrub 4 years ago +2

      I don't know that much about SQL server security to be honest (other than the Kerberos based attacks mentioned in this video) but AD domain/forest trust related attacks are definitely something that I'll do a video on in the future

    • @westernvibes1267
      @westernvibes1267 4 years ago +1

      @vbscrub cool. Keep it up mate. Just finished your cascade machine few days back. Definitely not medium level lol it was hard. Looking forward to your new boxes too.

  • @spotifyfan8084
    @spotifyfan8084 4 years ago +1

    Are you sure that the session keys in step 2 and 4 are encrypted with user's password? and not with the krbtgt account?

    • @vbscrub
      @vbscrub 4 years ago +1

      The session key is encrypted with both, in separate places. Watch the full video and it's explained

    • @spotifyfan8084
      @spotifyfan8084 4 years ago +1

      @vbscrub Thanks a lot for your quick response! I'm not really sure if I formulated my question correctly, it's just that I was watching your video about the Kerberos golden ticket some time ago, and I couldn't completely understand the attack. I understood that if you had the krbtgt account NTLM hash then you could fake the tgt ticket, but I didn't understand how it was possible to also fake the session key. In this video, the tgs-req contains the tgt (I understood why we were able to fake it) and it also contains some data encrypted with the session key from as-rep. Before encrypting the data for the tgs-req, the session key gets encrypted with user's password and then the final result after the encryption is used to encrypt the data that will be sent in tgs-req. So how is this attack even possible if the attacker doesn't know the user's password to initially encrypt the session key before using it to encrypt the data for the tgs-req? Really long comment, sorry, but I hope you understand. Thanks a lot again for your quick response! :)

    • @vbscrub
      @vbscrub 4 years ago +1

      The only reason you need the user's password is to decrypt the session key to prove that you know the session key contained in the TGT (because the same session key is used in the TGT but encrypted with krbtgt account password). But in a golden ticket attack we already know the session key in the TGT because we're faking the whole TGT so we can just set it to whatever we want and then encrypt the whole thing with krbtgt account password. So after that the process carries on as normal - we use the TGT to request a TGS, and as part of that request we have to prove we know the session key in the TGT by encrypting some data using the session key as the key for that encryption.

    • @vbscrub
      @vbscrub 4 years ago +1

      @spotifyfan8084
      This is the part you've got wrong:
      "Before encrypting the data for the tgs-req, the session key gets encrypted with user's password and then the final result after the encryption is used to encrypt the data that will be sent in tgs-req".
      The TGS-REQ doesn't include the session key encrypted with the user's password. It just includes data that is encrypted with the session key. The user's password only came into it so that the user could read the session key. So if you already know the session key (which is easy when you're able to forge the entire ticket because you have the krbtgt account password) then you can complete that step just fine without knowing the user's password

    • @spotifyfan8084
      @spotifyfan8084 4 years ago +1

      Ohhhhhh now I understand, guess I just got confused with the diagram, anyways thanks a lot @VbScrub for clearing the problem in my head :) I really appreciate your work mate, keep going, really instructive videos!

  • @Mxfnk
    @Mxfnk 10 months ago

    Damn, such a good video. Thanks!

  • @benjanaranjo
    @benjanaranjo 4 years ago +1

    Awesome video!

  • @Aid4r
    @Aid4r 2 years ago

    Pretty good video, but there's one mistake: the new session key is encrypted with previous session key, not with user's password

  • @maksimlev9704
    @maksimlev9704 4 years ago +1

    wooow, finally some easy explanation of Kerberos, plz keep it up
    but I'm wondering if I can get the kerbDemo.exe?

    • @vbscrub
      @vbscrub 4 years ago +1

      I can upload it somewhere if you want but you saw how short the code was. Would be easy to recreate it yourself in the free version of Visual Studio. It would need changing anyway cos it has hard coded credentials in

    • @maksimlev9704
      @maksimlev9704 4 years ago +1

      @vbscrub got it
      thank you so much and just keep it up

  • @nareshvatkar5691
    @nareshvatkar5691 3 years ago

    that's in-depth Kerberos

  • @SP-hz5tp
    @SP-hz5tp 4 years ago +1

    Nice!

  • @FirstnameLastName-lm6hv
    @FirstnameLastName-lm6hv 5 months ago

    Legend

  • @Rickety3263
    @Rickety3263 3 years ago

    I would love to see this animated as envelopes that fit inside each other and need a key (attached to each host/service) to open.

  • @tkmks8536
    @tkmks8536 17 days ago

    who's here for OSCP

  • @SantoshKumar-bm2iz
    @SantoshKumar-bm2iz 2 years ago

    Why so hurry man..you can explain slowly...

  • @shibaproy
    @shibaproy 3 years ago

    Speak slowly Sir