#kerberos


Some experiment from years ago... This is a #Theremin with something to transform its signal to #midi notes, to feed a #commodore64 with tracker #SidWizard and cartridge #kerberos ... I change the instrument from time to time, with sidwizard the arpeggios are programmed by "sample". You can play the music and override nchannels while playing (like a real tracker should) or stop the tracker. So great! Damn, I have to repair my kerberos. :(

Brilliant history of targeted capitalist attacks on #OpenSource and decentralized social networks (#dezentraleSozialeNetze):
cohost.org/Janet/post/1952079-

#Google killed #XMPP.
#Microsoft killed #Kerberos.
#Meta #Facebook #Threads is now attacking #Mastodon #Fediverse.

How do you prevent this? As exemplarily as @kev did when he was contacted about #Instagram and declined with the words:
"Your drive should be to connect people, not to sell their privacy for profit!"
fosstodon.org/@kev/11059262569

New cheatsheets pushed🕵️‍♂️

github.com/r1cksec/cheatsheets

Including:

A slim and neat script to deploy an #EC2 instance running #hashcat :blobcatfingerguns:
github.com/rootcathacking/awsc

Interesting blogpost series about the authentication process in #Windows
syfuhs.net/understanding-windo

Discover System Center Configuration Manager (#SCCM) hosts and scan for server takeover flaws using #SMB or #MSSQL :crt_w_green_lines:
github.com/garrettfoster13/scc

#OSINT site to visualize 3D sunlight, very useful to correlate shadows and clock times
app.shadowmap.org

A nice and simple tool to inject #Kerberos tickets 🥋
github.com/MzHmO/PowershellKer

C# tool with the capability to analyze #ETW SMB events and extract #NetNTLMv2 hashes
labs.nettitude.com/blog/etwhas

Happy #WorldPasswordDay!

I've cracked billions of #passwords from tens of thousands of #data #breaches in the past 12+ years, and because of this, I likely know at least one #password for 90% of people on the Internet. And I'm not alone! While I primarily crack breached passwords for research purposes and the thrill of the sport, others are selling your breached passwords to criminals who leverage them in #AccountTakeover and #CredentialStuffing attacks.

How can you keep your accounts safe?

- Use a #PasswordManager! I recommend @bitwarden and @1password

- Use a #Diceware style #passphrase - four or more words selected at random - for passwords you have to commit to memory, like your master password!

- Enable MFA for important online accounts, including cloud-based password managers!

- Harden your master password by tweaking your password manager's KDF settings! For #Bitwarden, use Argon2id with 64MB memory, 3 iterations, 4 parallelism. For #1Password and other PBKDF2 based password managers, set the iteration count to at least 600,000.

- Use unique, randomly generated passwords for all your accounts! Use your password manager to generate random 14-16 character passwords for everything. Modern password cracking is heavily optimized for human-generated passwords, because humans are highly predictable. Randomness defeats this and forces attackers to resort to incremental brute force! There's no trick you can do to make a secure, uncrackable password on your own - your meat glob will only betray you.

- Use an ad blocker like #uBlock Origin to keep you safe from password-stealing #malware and other browser based threats!

- Don't fall for #phishing attacks and other social engineering attacks! Browser-based password managers help defend against phishing attacks because they'll never autofill your passwords on fake login pages. Think before you click, and never give your passwords to anyone, not even if they offer you chocolate or weed.

- #Enterprises: require ad blockers, invest in an enterprise password management solution, audit password manager logs to ensure employees aren't sharing passwords outside the org, implement a Fine Grained Password Policy that requires a minimum of 20 characters to encourage the use of long passphrases, implement a password filter to block commonly used password patterns and compromised passwords, disable #NTLM authentication and disable RC4 for #Kerberos, disable legacy broadcast protocols like LLMNR and NBT-NS, require mandatory #SMB signing, use Group Managed Service Accounts instead of shared passwords, monitor public data breaches for employee credentials, and crack your own passwords to audit the effectiveness of your password policy and user training!

My #introduction (since I changed instance):

I am a Norwegian IT-engineer at the University of #Oslo. Originally from #Brazil, I moved to #Norway in 2011.

I work mostly with VMware stuff, but also spend most of my days configuring #linux images for VDIs, #Nextcloud, #Kerberos, #FreeIPA, #keycloak, etc.

I love #running, #sourdough baking and became #vegan in Feb 2022. I have #glaucoma.

I started mastodon.babb.no for friends and colleagues.


Currently doing a deep dive on the various methods of service-to-service authentication that are not simply a shared secret.

While reading up on #kerberos, I stumbled over "Why is Kerberos terrible? (It's really not)" by @SteveSyfuhs

I would recommend anyone interested in authentication to take a peek at this. It is jam-packed with great information. :blobfoxread:

syfuhs.net/2018/12/31/why-is-k

And thank you Steve for the amazing write-up! :blobfoxheartcute:

syfuhs.net: Why is Kerberos Terrible? Tl;dr: It’s really not. As we build new protocols we should remember all the things we got right with Kerberos and account for all the things we got wrong.

New in #Metasploit: SugarCRM #RCE, login scanner and credential gatherer for Wowza Streaming Engine Manager, and three new methods for #PetitPotam.

Plus, admin/kerberos/forge_ticket now supports a new extra_sids option — which is useful for including cross-domain SIDs for forging external #Kerberos trust tickets as part of cross-trust domain escalation. The admin/kerberos/inspect_ticket has also been updated to support viewing these extra SID values.

More Kerberos and secrets dumping improvements in this week's wrap-up!

rapid7.com/blog/post/2023/03/1


My team at Arcesium (NY-based, arcesium.com) is looking to hire an Infrastructure Engineer (remote eligible) and an Infrastructure Engineer Intern. The team's responsibilities are broad, and relevant skills include #k8s, #aws, #linux, #python, #kerberos, #terraform, and more.

Interested, or have questions about the roles? Send me a DM; I'd be glad to discuss in greater detail and/or submit candidates for consideration.

#hiring 📈
