I'm currently trying to mimic the behaviour of Windows' Smartcard authentication, but Rubeus and asktgt act differently, causing detection by Defender for Identity (MDI). The `/opsec` flag tries to mimic the smartcard behaviour as observed with Wireshark, but only when no certificate is used to authenticate (Kerberos' PKINIT extension).

This can be seen here (https://github.com/GhostPack/Rubeus/blob/master/Rubeus/Commands/Asktgt.cs#L258), where the `opsec` variable, populated by the `/opsec` flag, is not passed to the overloaded `Ask.TGT` function. Especially the AS-REQ without pre-authentication, which is usually issued when using smartcard auth, is missing.

I might find some time next week to fix this myself.