Slides here: /redirect?q=https%3A%2F%2Fdefcon.org%2Fimages%2Fdefcon-22%2Fdc-22-presentations%2FCampbell%2FDEFCON-22-Christopher-Campbell-The-Secret-Life-of-Krbtgt.pdf&event=video_description&v=7HdcEQGQZDU&redir_token=XUAls5sLm4iDgHPV7bVSprWmtet8MTUzNzM5ODAwNUAxNTM3MzExNjA1
The Secret Life of Krbtgt
Christopher Campbell SECURITY RESEARCHER
A tale of peril and woe, Krbtgt is the domain account that you just can't quit. Quiet and harmless, it has been with your enterprise since you first installed Active Directory. Although disabled, it has witnessed years of poor configurations, remote code execution vulnerabilities and bad administrator passwords. Come hear Krbtgt's story and see why its days should be numbered. If you don't laugh, you'll cry. This talk is targeted at Windows administrators, penetration testers and incident handlers and will explore why Microsoft's implementation of Kerberos is not the answer to its many credential problems.
Chris is a security practitioner with over a decade of experience attacking and securing enterprise networks. Currently, he is a security researcher and developer for the Harris Corporation. Formerly, Chris spent over 12 years in the U.S. Army Reserve and spent four years as an operator in the Computer Exploitation section of the U.S. Army Red Team. He has a Master of Science in Information Assurance from Capitol College and holds several industry certifications that he’d prefer you not hold against him. Chris is one of the developers of PowerSploit and has given presentations at BlackHat USA, Derbycon, Shmoocon Firetalks and multiple Bsides events. He maintains a blog at www.obscuresec.com and is active on twitter (@obscuresec).