Alberto Rodriguez
Alberto Rodriguez is a seasoned Information Security Professional with over 9 years of experience in penetration testing, red team engagements, threat hunting, and incident response. As a former Army Cyber Operations Officer, he specializes in adversary detection and simulation. Currently, Alberto leads offensive security teams as Senior Managing Security Consultant at Guidepoint Security and creates security solutions at Bad Sector Labs. He has presented at BSides Augusta, BSides Orlando, AvengerCON, GRRCon, and VetSec CON. Alberto holds a graduate degree in Digital Forensics from Champlain College and maintains industry certifications including OSCP, CISSP, CRTO, GRTP, GCWN, and GPEN.
@ar0d
Session
As Microsoft phases out NTLM authentication, red teamers and pentesters need alternative techniques to maintain certain offensive capabilities. This talk demonstrates how Kerberos authentication can be abused through relaying attacks, providing a direct replacement for common NTLM relaying tradecraft. We'll cover the timeline for NTLM deprecation, practical Kerberos relaying techniques, demonstrate common attacks, and maybe even demonstrate some less common methods of abuse.
For defenders, we'll examine detection strategies beyond simply disabling NTLM, highlighting effective mitigations including Extended Protection for Authentication and LDAP signing requirements. Attendees will leave with actionable knowledge to both execute and defend against these emerging attack vectors in modern Active Directory environments.