Inside the Protocol: Master Kerberos Defense and Detection with Kerlab’s Rust Toolkit

Kerlab

A Rust implementation of Kerberos for FUn and Detection

Kerlab was developed just to drill down kerberos protocol and better understand it. The main purpose is to write more targeted detection rules.

Use to ask the first Ticket in kerberos protocol. If the username is not set, the TGT request is made without pre authentication. It will write the ticket into KRB_CRED format, compatible with rubeus or mimikatz. We can choose between the cleartext password, or the ntlm hash version.

Use to ask a TGS ticket using a saved TGT. kerasktgs support S4U protocol extension, through s4u options.

Use to perform an online brute force attack. The file attribute is just a file with a password at each line.

Use to perform a Kerberos Password spraying attack using a list of username.

Print informations of ticket saved on disk. Use to convert a ticket into hashcat compatible format. We can decrytp the EncTicketPartBody using the hash or the password of the service (including krbtgt).

Download

Support Our Threat Intelligence

If you find our technology report and cybersecurity news helpful, consider supporting our work.

Buy Me a Coffee PayPal Crypto

USDT (TRC20):

TN8BdV8cp4T1Cd28gK9qTAnZknzzuwyUtm Copy

USDT (ERC20):

0x3725e1a7d3bc5765499fa6aaafe307fabcd75bce Copy