New Technique Exploits Multicast Poisoning for Kerberos Relay
/ 1 min read
🔄 New Kerberos Relaying Technique Exploits Multicast Poisoning Over HTTP. Researchers have unveiled a novel method for performing Kerberos relaying over HTTP by leveraging multicast name resolution poisoning, building on previous work by James Forshaw. This technique allows attackers to manipulate DNS responses, redirecting HTTP clients to their machines and capturing Kerberos authentication requests. The implementation utilizes tools like Responder and krbrelayx, enabling exploitation without prior authentication in certain scenarios. While this method presents a viable alternative to existing relaying techniques, it is limited to environments where LLMNR is enabled and the victim is within the attacker’s multicast range. To mitigate such attacks, disabling local name resolution protocols and enforcing security measures in Active Directory services is recommended.
