“Pass-The-Ticket”

Windows Kerberos authentication bypass,

Whitepaper + PoC published:

http://secgroup.dais.unive.it/projects/kerberos/

have fun.

09-15-10 UPDATE:

Google Docs mirror for everything: Paper, kdcreplay, Krb5Crypto

Fun with Process Stalker and IDAPython

if you use IDA with Process Stalker, you may find useful these two little scripts:

ps_idapy_gen_colorize.py

This parse a gml graph generated by Process Stalker and prints an idapython script which can be used to reflect in the ida graph the color scheme created by Process Stalker.

mark_blocks.py

An idapython script which scans all functions in the current module and sets a (disabled) breakpoint at the start of each block marked purple, which is the color Process Stalker uses to mark “interesting” blocks (see ps_graph_highlight.py). This is useful to have a list of “interesting blocks”.

Windows Kerberos Authentication Bypass

A vulnerability was found in Windows Kerberos Authentication system, an attacker with physical access to a machine in a Windows domain and the ability to manipulate network traffic could bypass authentication.
Paper + PoC soon to be released…

W00t!

Ca Foscari’s Secgroup gets his little share of celebrity: press release

( W00t! We are on the newspaper! And I didn’t do anything!)