Lab Objective:

Kerberos: What’s up with that?

Highly Recommended:

You should watch this video and revisit it several times to understand the Kerberos process. I know it as well as I do because I’ve watched VBScrub’s video multiple times and given it time and thought.

VBScrub has several videos that explain different types of attacks against Kerberos, but the video linked above explains what happens within an Active Directory environment when you try to gain access to a resource.

Here’s what happens when you enter your username/password on a domain client.

What happens when ‘Do not require Kerberos preauthentication’ is checked in a user’s account options?

If you are scratching your head a bit now, that’s fine. You have to revisit this topic and think about it to figure Kerberos out. (Nobody truly gets it the first time out of the gate!)

Exploit a user with the ‘Do not require Kerberos preauthentication’ option set.