On Attacking Kerberos Authentication Protocol in Windows Active Directory Services: A Practical Survey

Abstract

Organizations use Active Directory Windows service to authenticate users in a network with the extended Kerberos Authentication protocol. Therefore, it is necessary to investigate its resistance to the different types of attacks it can suffer, the best way to detect them and to parameterize it to mitigate the effects of the attacks. This work analyzes the main Kerberos attacks in Active Directory Windows networks, inherent in the design of the protocol and not resolved. For each attack the objective is studied, implementation is developed in a virtual laboratory and detection is analyzed, proposing measures for mitigation and response. Subsequently, they are discussed in a general way and the results of the attacks are analyzed according to some parameters. As conclusions of the work carried out, it should be noted that although the attacks are mostly difficult to implement, their detection is even more complicated, and the damage is very severe so it's necessary to continuously monitor the logs in these environments to detect them and taking into account strict recommendations for mitigation and response.