๐ Module 2: Kerberos Authentication
Advanced Kerberos authentication security, attack techniques, and defense strategies
๐งช Kerberos in GOAD
Use GOAD to practice Golden/Silver tickets, Kerberoasting, and delegation safely.
๐ Module Overview
This advanced module dives deep into Kerberos authentication security, covering both attack techniques and defense strategies. You'll learn about Golden and Silver ticket attacks, Kerberoasting, delegation abuse, and advanced persistence mechanisms used by real-world threat actors.
4
Comprehensive Lessons
2
Hands-on Labs
15+
Attack Techniques
20+
Defense Strategies
๐ฏ Learning Objectives
By completing this module, you will be able to:
- Understand Kerberos authentication protocol and security implications
- Master Golden and Silver ticket attack techniques
- Execute Kerberoasting and AS-REP roasting attacks
- Identify and exploit delegation vulnerabilities
- Implement advanced Kerberos security countermeasures
- Analyze Kerberos traffic for security assessment
๐ Lesson Structure
๐ Lesson 1: Kerberos Protocol Fundamentals
90 minutesTopics Covered:
- Kerberos authentication flow
- Ticket Granting Service (TGS)
- Authentication Service (AS)
- Service Principal Names (SPNs)
- Kerberos security mechanisms
Learning Outcomes:
Understand the complete Kerberos authentication process and identify potential attack vectors.
๐ซ Lesson 2: Golden & Silver Ticket Attacks
120 minutesTopics Covered:
- Golden ticket attack methodology
- Silver ticket exploitation
- KRBTGT account compromise
- Service account exploitation
- Persistence mechanisms
Learning Outcomes:
Master advanced ticket-based attacks and understand their detection and prevention.
๐ฅ Lesson 3: Kerberoasting & AS-REP Roasting
105 minutesTopics Covered:
- Kerberoasting attack techniques
- AS-REP roasting methodology
- Service account enumeration
- Hash cracking strategies
- Prevention and detection
Learning Outcomes:
Execute credential harvesting attacks and implement effective countermeasures.
๐ Lesson 4: Delegation Abuse & Advanced Attacks
135 minutesTopics Covered:
- Unconstrained delegation abuse
- Constrained delegation exploitation
- Resource-based constrained delegation
- S4U2Self and S4U2Proxy attacks
- Advanced persistence techniques
Learning Outcomes:
Understand delegation vulnerabilities and implement comprehensive security controls.
๐งช Hands-on Labs
๐ฌ Lab 1: Kerberos Attack Simulation
2 hoursLab Objectives:
- Set up Kerberos attack environment
- Execute Golden ticket attack
- Perform Silver ticket exploitation
- Analyze attack artifacts
Requirements:
Windows domain environment, attack tools, monitoring capabilities
๐ก๏ธ Lab 2: Kerberos Defense Implementation
2.5 hoursLab Objectives:
- Implement Kerberos security controls
- Configure monitoring and alerting
- Test defense effectiveness
- Document security improvements
Requirements:
Windows domain environment, SIEM/logging capabilities, security tools
๐ ๏ธ Essential Tools
๐ฏ Attack Tools
- Rubeus - C# Kerberos attack toolkit
- Mimikatz - Credential extraction and ticket manipulation
- CrackMapExec - Post-exploitation framework
- Kerbrute - Kerberos brute force tool
๐ Analysis Tools
- BloodHound - AD attack path analysis
- PowerSploit - PowerShell AD tools
- Impacket - Python network protocols
- Kerberoast - Kerberoasting toolkit
๐ก๏ธ Defense Tools
- Attack Surface Analyzer - Security configuration analysis
- Windows Defender ATP - Advanced threat protection
- Azure Sentinel - SIEM and security analytics
- Sysmon - System monitoring
๐ Assessment & Certification
๐ Module Assessment
Comprehensive assessment covering all Kerberos security concepts, attack techniques, and defense strategies.
- Multiple choice questions
- Practical scenario analysis
- Attack technique identification
- Defense strategy evaluation
๐ Completion Certificate
Earn a certificate upon successful completion of all lessons, labs, and assessments.
- Digital certificate
- LinkedIn profile integration
- Verification system
- Continuing education credits