👋 Welcome to this little blog
Authentication Policy Silos defensive strategies
What’s Kerberos FAST

In April 2011, RFC 6113 introduced an upgrade to Kerberos user pre-authentication named Kerberos armoring (or Kerberos FAST, for Flexible Authentication via Secure Tunneling). In 2012, Microsoft implemented this upgrade in its new Active Directory functional level.

Core concept

Kerberos initial pre-authentication steps are vulnerable to password cracking. Computer AD account passwords are complex enough to mitigate this type of attack. User AD account passwords are less complex. Since users authenticate on domain computers that have already authenticated to the domain, the idea of FAST is to strengthen the user’s pre-authentication steps with this already existing and available computer secret (the computer’s session key). ...