Video of my Kawaiicon talk: The "Dollar Ticket Attack" on AD and Linux Kerberos clients

Andrew Bartlett abartlet at samba.org
Mon Jul 11 01:22:04 UTC 2022


On Sat, 2022-07-09 at 18:46 +1200, Andrew Bartlett via krbdev wrote:
> I was going to wait until a per-talk video was hosted by the organisers
> of the conference, but in the meantime this link into the live stream
> works.
> 
> I'm sharing this as I wanted to share the video as folks have been
> interested. 
> 
> https://youtu.be/4hBLf2vQc8k?t=30560
> 
> It would be great if the linux side could become harder to exploit at
> some point, I have some suggestions at the end of the talk, and Sumit
> has had some suggestions around disabling an 'a2ln' plugin. 
> 
> It would be good if someone could write up some good guidance for users
> on how best to defend against it on the Linux side, both with a 'simple
> keytab on server', or 'samba publishing keytab' or other similar
> configurations.
> 
> I also tell the tale of how I broke into Windows AD last November,
> similar to but more punchy than SambaXP talk, which I think was pretty
> cool. 
> 
> Anyway, enjoy and be worried!

I've started to put together a wiki page mostly with links.  It is
probably still at the stage of being confusing even to this audience
(and is totally missing a 'how do I protect myself' section), but
perhaps someone can help fill that out.  

In the meantime at least it links some of the various documents, talks,
exploit steps etc:
https://wiki.samba.org/index.php/Security/Dollar_Ticket_Attack

I would appreciate it being extended.  (Please don't be put off by
needing to get an account, it just a spam prevention barrier). 

Andrew Bartlett
-- 
Andrew Bartlett (he/him)        https://samba.org/~abartlet/
Samba Team Member (since 2001)  https://samba.org
Samba Developer, Catalyst IT    https://catalyst.net.nz/services/samba




More information about the samba-technical mailing list