maride/hacktricks
1
0
Fork 0
mirror of https://github.com/HackTricks-wiki/hacktricks.git synced 2025-10-10 18:36:50 +00:00
Code Issues Packages Projects Releases Wiki Activity

Update Kerberos Authentication documentation

Browse Source
This commit is contained in:
SirBroccoli 2025-09-03 12:32:48 +02:00 committed by GitHub
parent bcb06375f6
commit 520e7ee968
1 changed files with 2 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
src/windows-hardening/active-directory-methodology/kerberos-authentication.md
View File

@ -2,19 +2,6 @@
{{#include ../../banners/hacktricks-training.md}}
Kerberos is time-sensitive. A typical default clock skew tolerance is 5 minutes. If your attacking host clock drifts beyond this window, pre-auth and service requests will fail with KRB_AP_ERR_SKEW or similar errors. Always sync your time with the DC before Kerberos operations:
**Check the amazing post from:** [**https://www.tarlogic.com/en/blog/how-kerberos-works/**](https://www.tarlogic.com/en/blog/how-kerberos-works/)
```bash
sudo ntpdate <dc.fqdn>
```
For a deep dive on protocol flow and abuse:
**Check the amazing post from:** [https://www.tarlogic.com/en/blog/how-kerberos-works/](https://www.tarlogic.com/en/blog/how-kerberos-works/)
## References
- [How Kerberos Works Tarlogic](https://www.tarlogic.com/en/blog/how-kerberos-works/)
- [HTB Sendai 0xdf (operational notes on clock skew)](https://0xdf.gitlab.io/2025/08/28/htb-sendai.html)
{{#include ../../banners/hacktricks-training.md}}
{{#include ../../banners/hacktricks-training.md}}