Video of my Kawaiicon talk: The "Dollar Ticket Attack" on AD and Linux Kerberos clients
abartlet at samba.org
Mon Jul 11 01:22:04 UTC 2022
On Sat, 2022-07-09 at 18:46 +1200, Andrew Bartlett via krbdev wrote:
> I was going to wait until a per-talk video was hosted by the organisers
> of the conference, but in the meantime this link into the live stream
> I'm sharing this as I wanted to share the video as folks have been
> It would be great if the linux side could become harder to exploit at
> some point, I have some suggestions at the end of the talk, and Sumit
> has had some suggestions around disabling an 'a2ln' plugin.
> It would be good if someone could write up some good guidance for users
> on how best to defend against it on the Linux side, both with a 'simple
> keytab on server', or 'samba publishing keytab' or other similar
> I also tell the tale of how I broke into Windows AD last November,
> similar to but more punchy than SambaXP talk, which I think was pretty
> Anyway, enjoy and be worried!
I've started to put together a wiki page mostly with links. It is
probably still at the stage of being confusing even to this audience
(and is totally missing a 'how do I protect myself' section), but
perhaps someone can help fill that out.
In the meantime at least it links some of the various documents, talks,
exploit steps etc:
I would appreciate it being extended. (Please don't be put off by
needing to get an account, it just a spam prevention barrier).
Andrew Bartlett (he/him) https://samba.org/~abartlet/
Samba Team Member (since 2001) https://samba.org
Samba Developer, Catalyst IT https://catalyst.net.nz/services/samba
More information about the samba-technical