Breaking Active Directory Using Publicly Documented Kerberos Features
who: Andrew Bartlett
when: Fri, 01 Jul 2022 16:30:00 +1200
where: The Michael Fowler Centre
In November 2021 both Samba and Windows released very similar security updates. By December 2021 other security researchers had publicly worked out what happened. This is the story of the year prior, the ups and downs of coordinated disclosure and important lessons learnt dealing with MSRC.
Andrew Bartlett will show how a choice in the implementations of and interaction between Kerberos and other parts of Active Directory was in fact a critical vulnerability hidden in plain sight.
Finally, Andrew will note that while MachineAccountQuota is a terrible idea, there is no value in being sumg: Samba ended up just as bad even without that ‘feature’.
Andrew Bartlett is a Samba developer, Samba Team member and leads the Samba development effort at Catalyst here in Wellington. Andrew has been working on Samba and Windows authentication protocols for over 20 years now. Finally, Andrew has been recognised by Microsoft on their Q4 2021 Security Researcher leaderboard (at #89 globally). When not hacking Samba and Windows he likes to be found on his trusty, fully human-powered, pushbike.