Conference Talks – September 2020

This month, NCC Group researchers will be presenting their work at the following conferences:

  • Rami McCarthy, “AWS Security: Easy Wins and Enterprise Scale,” to be presented at BSides Boston (Virtual – September 26 2020)
  • Dirk-Jan Mollema, “Walking Your Dog in Multiple Forests: Breaking AD Trust Boundaries through Kerberos Vulnerabilities,” to be presented at Black Hat Asia 2020 (Virtual – September 29-October 1 2020)

Join us online! You can learn more about each presentation, below.

AWS Security: Easy Wins and Enterprise Scale
Rami McCarthy
BSides Boston – Virtual
September 26 2020

Cloud computing continues its rampant growth, and AWS maintains its lead as the predominant platform. Since the last BSidesBoston in 2017, AWS adoption has gone from 57% to 76% of enterprises.* Whether your organization has two feet firmly in the cloud, is dipping a toe in the water, or you personally are wondering “where do I even start,” it’s important to learn to adjust security to cloud environments. 

This talk will look at two extremes. First, we’ll go through the easy wins that almost any one or any organization can identify and apply. Then, we’ll pivot to look as the the big picture security problems to consider as either your security maturity or AWS usage grows. We won’t be able to go deep into all the weeds of the topic, but instead we’ll provide the essential information, and pointers for next steps. No matter your size, complexity, or sophistication of your AWS environment, you should walk away with an idea of where to look for your next actionable improvements.

* Per RigthScale/Flexera State of the Cloud 2017/2020

Walking Your Dog in Multiple Forests: Breaking AD Trust Boundaries through Kerberos Vulnerabilities
Dirk-jan Mollema
Black Hat Asia 2020 – Virtual
September 29-October 1 2020

In larger enterprise environments multiple Active Directory forests are often in use to separate different environments or parts of the business. To enable integration between the different environments, forests trusts are set up. The goal of this trust is to allow users from the other forest to authenticate while maintaining the security boundary that an Active Directory forest offers. In 2018, this boundary was broken through default delegation settings and Windows features with unintended consequences. In 2019 the security boundary was once again established through a set of changes in Active Directory. This research introduces a vulnerability in Kerberos and forest trusts that allows attackers to break the trust once again. The talk will provide technical details on how Kerberos works over forest trusts and how the security boundary is normally enforced. Then the talk will discuss a flaw in how AD forest trusts operate and how this can be combined with a vulnerability in the Windows implementation of Kerberos to take over systems in a different forest (from a compromised trusted forest). The talk will be accompanied by a proof-of-concept and a demonstration of abusing the vulnerability.