You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I'm currently trying to mimic the behaviour of Windows' Smartcard authentication, but Rubeus and asktgt acts differently, causing detection by Defender for Identity (MDI). The /opsec flag tries to mimic the smartcard behaviour as observed with Wireshark, but only when no certificate is used to authenticate (Kerberos' PKINIT extension).
This can be seen here (https://github.com/GhostPack/Rubeus/blob/master/Rubeus/Commands/Asktgt.cs#L258), where the opsec variable, populated by the /opsec flag, is not passed to the overloaded Ask.TGT function. Especially the AS-REQ without pre-authentication, which is usually issued when using smartcard auth, is missing.
I might find some time next week to fix this myself.
The text was updated successfully, but these errors were encountered:
I'm currently trying to mimic the behaviour of Windows' Smartcard authentication, but Rubeus and asktgt acts differently, causing detection by Defender for Identity (MDI). The
/opsecflag tries to mimic the smartcard behaviour as observed with Wireshark, but only when no certificate is used to authenticate (Kerberos' PKINIT extension).This can be seen here (https://github.com/GhostPack/Rubeus/blob/master/Rubeus/Commands/Asktgt.cs#L258), where the
opsecvariable, populated by the/opsecflag, is not passed to the overloadedAsk.TGTfunction. Especially the AS-REQ without pre-authentication, which is usually issued when using smartcard auth, is missing.I might find some time next week to fix this myself.
The text was updated successfully, but these errors were encountered: