Kerberos Authentication Explained | A deep dive
- Published 20 Sep 2024
- Kerberos explained in easy to understand terms with intuitive diagrams. Starting with a high-level overview and then a deep dive into all the messages that are passed between the User, Authentication Server, Ticket Granting Server and the Service. Including the contents of messages, Authenticators, the encryption used and the validation that is performed to achieve mutual authentication.
CISSP virtuoso: John Berti: / jberti
Script, visuals and narration by Rob Witcher: / robwitcher
Video editing by Nick: threntinfo@gmail.com
3 years later and I'm still coming back to this video. Thank you.
The way you speak is absolutely amazing. Slow, steady, and with pauses in just the right places to allow for complete comprehension. So many videos breeze through information too quickly, requiring back-tracking and frequent pauses. The way it's done here is fantastic!
Thank you! 😃
I agree, mostly
I take it back, I totally agree. thanks
Same feelings here, came from another top rated video here, which seemed good, but the person there was apparently trying to prepare for some speed rap battle. The visuals are really nice here, too :)
@destcert Thank you very much for your video! You explain Kerberos fantastically and I'm using this video for my upcoming exam. I'd like to ask you if you could post the full Kerberos protocol diagram from 14:32 since it is too small to take a print screen and, I believe, many of us would really appreciate it!
I've watched many videos on Kerberos and this is the best one I've found so far. Thorough, easy to follow, and relatively short. By the way, having the whole diagram at 14:32 would be super useful. It'd be great if you could publish it as an image or a PDF.
en.wikipedia.org/wiki/File:Kerberos_protocol.svg also explains quite nicely.
100%
Yeah, I would love that diagram too!
@destcert came to ask for the whole diagram too
Finally.... After reading / watching many useless tutorials and videos, got the proper step by step explanations :) Thanks man.
I'm tempted to give you a kiss for this straightforward, comprehensive, and easily understandable video. Keep up the fantastic work, Rob and Team!
After 7 tries to understand this, in my current class, and 2 other videos, I came across this video. It was the most straight forward and useful example of this system in function I've found. Thank you for making this!
You can tell a smart person by how he makes complex things so easy to understand. 🧚♀️💖
It seemed like there was a competition on YouTube to explain Kerberos as poorly as possible.
So glad I found your video (which is clear, detailed, and well diagramed (not some guy reading off rambling sentences while a static image sits there...))
For someone from a non-IT background, this presentation was extremely concise and easy to digest. Keep up the great work :)
I've watched half a dozen videos on Kerberos and this was by far the easiest to grasp. Your in-depth explanation of the way the system works was easier to follow than a lot of other "simple" explanations that limit themselves to the high level view. Thank you.
Details of the Kerberos process as taught in my class resource made no sense no matter how many times I read them. Thank you for breaking it down so eloquently (my class resource failed to make clear the TGS was including a second (service) session key). Your presentation was a lifesaver.
Hello to the creators. Are you trying to sabotage the Entire CISSP training establishments ?:-D I am sure by the time you are done uploading all the concepts, you will. Great effort guys.
haha! Thanks!
Whoa! Sir, I just read about you, the other day in the book, "Shoot. Dive. Fly" , and here I am seeing a comment from the same superhuman, your story is inspiring sir, you're a true role model!
Finally, an actual explanation how Kerberos works technically. I've had to read through so many websites "explaining" how it works by simply saying "the user authenticates to the AS" and throwing around terms like TGT, AS, KDC etc. Thanks for this excellent video!
Amazing video! never have I seen someone explaining Kerberos in that smooth and elegant way. Great amazing job!
Glad you enjoyed it!
The presentation is so fun that I couldn't resist but to hit that Subscribe button in the initial 30 seconds only. No wonder the explanation will be even marvellous, I believe.
I did this also lol
Huge plus to this comment
I recall researching Kerberos a few years ago. This video is mind-blowingly than anything I found back then. Thank you!
Wonderfully explained! Great work..
By far the best explanation I've seen on YT!
Best explanation on Kerberos, I've ever seen. Great job!
Best Explanation, Perfect Voice, Perfect Graphics, And Perfect Speed
Fantastic explanation of a complex topic - engaging speaker and very easy to understand graphic presentation - thanks!
Hey, @stephenorrell6399! Your kind words are truly appreciated! 🙌
I haven't yet come across a video on Kerberos better than this. What a brilliant job in explaining a complex technical topic so simply!
I passed CISSP exam today! Your contents helped me a lot understanding difficult concept and how they work. Thank you very much from the bottom of my heart.
Congratulations! Well done passing the CISSP exam!!
Wonderful to hear that our videos helped you in your achievement!
I remember studying the entire Kerberos diagram for hours, before one of IS masters exams. This was a great refresher.
What an elegant presentation and explanation - the organization, delivery, content and order followed to explain all concepts is just super perfect.
Absolutely loved this presentation. The details, the pace, the presentation & graphics. Really well done, thank you!
The best explanation of Kerberos you can find out there! Great!
Thank you Rob !!! This is so far the best explanation. I loved the deeper dive of the message exchange. I paused at every step and took down notes . At the end , when the entire life-cycle of the message exchange was depicted stitched together, I started feeling more connected and confident that I can grasp the concept. Thanks a ton !
WOW! The video goes into explaining this in extreme detail but its so well explained! Thank you!
You're welcome!
Wonderful to hear you find our CISSP MasterClass (destinationCISSP.com) materials helpful!
One of the best information videos on Kerberos Authentication I have seen in years. Excellent work!
That was the first Kerberos explanation I was able to follow which I believe contained most of the pertinent information. Thanks so much. I particularly appreciated the extra visual detail, with wrappers showing which key encrypted which message. Though I still paused and replayed many parts to let it sink in, it was excellent, and I think I finally have a simple working understanding beyond "a bunch of tickets fly around and then I get in".
Holy cow is this complicated… despite this, I don’t think a better job explaining this can be done as is done here!
One of the greatest explanations I have ever seen, thank you
Rob, your stuff is really amazing! I've watched other major elearning companies and their videos are boring which makes it extremely difficult to follow. Your style, video editing and explanations are fantastic. Thank you!
You’re very welcome, I’m glad to hear you find the videos interesting and informing!
One of the best clips explaining a protocol / flow / technology I have ever seen. Great work guys!
Thanks!
Thank you so much for making these videos. I passed my CISSP test yesterday and these videos were a massive help.
Congratulations! Well done passing the CISSP exam! Wonderful to hear that our MindMap videos helped you in your achievement!
my search of how kerberos works comes to an end. Thanks guys. This is great video.
Glad it was helpful!
Appreciated for detail explanation about Kerberos
It is like a Kerberos movie😍....
Clearly understood 🤗
Thank you so much sir🙏🏻
Hands down, the best tutorial video I have ever come across. Thank you so much.
Wow, thanks!
The dogs and the explanation of the concept is amazing
Best youtube tutorial I have ever watched! Thank you so much.
Came across this while troubleshooting authentication issues in Active Directory. Absolutely the best explanation ever. I am so subscribed!
Great video! Finally found the video that covers enough detail to show how Kerberos is middle-man proof.
Glad it was helpful!
HOLY MOLLY THIS EXPLANATION IS GOLD!!! absolutely awesome!! I was struggling a lot following the process but not anymore!! when the video finished I wanted to applause. Its a superb explanation and the diagrams are sublime :D
I work at Microsoft and found this to be a really good video that has helped me. Thanks. Great video.
Ha! That's awesome. Thanks! You may well be amused to learn that all of the animations in this video were created with PowerPoint. I absolutely love the Morph slide transition 😆
Holy smokes, this is the best video over kerberos I have seen. The quick, concise pacing was awesome. I had to go back and replay sections multiple times to get my thoughts and notes right, but at this point I understand Kerberos more than I ever have.
A video explaining when each of these happens in a Windows endpoint would be greatly appreciated. Also, how does it behave when a Windows domain joined client user logs into a workstation with cached credentials, but yet does not have direct LoS to a KDC. What would happen then if the user logs in and regains LoS to a KDC.
The best explanation ever!
The words never stuck for me, no matter how many times I studied them. Your line diagram of how all the different parts interact just clicked for me and helped me easily visualize 10 steps. Thank you!
*A very underrated channel.*
One of the best explanations and illustrations you could find on the internet. I rarely do comment, but your videos and the effort you put to them is moving
Awesome to hear. Thanks!
Awesome explanation. Very detailed one, contains very minute details about each step that are involved in the process of mutual authentication
AMAZING! I've been watching a lot of videos, reading docs and diagrams looking for exactly something like THIS. I am not a native English speaker and even so this is more enlightening than all the Spanish videos that I watched.
Congrats and thank you very much!
The video is so well made. Amazing explanation. I have an exam tomorrow and you just saved me. BIG THANKS
This is a fantastic video! Helped me understand something which had previously eluded me! I appreciate your hard work on this!
Thank you for this 🙏🏻 Before, I couldn’t understand which keys were used when. The diagrams and animations really helped.
Awesome! Glad to have helped you understand this concept.
This video is simply PERFECT! Really a terrific lesson, thank you!
World class explanation for Kerberos from A to Z.
this is the best visual explanation I've seen yet; this is perfect
Thanks for your awesome feedback! Explore more CISSP resources at destcert.com 🙌
Great video in helping me in understanding the complexity of Kerberos. I just sat for the CISSP exam this morning and got a provisionally passed !!! I watched all your videos related CISSP mind mapping as they are really useful material for big picture chunking ... thank you very much Rob
i passed this morning. this was the only thing i watched test day. man , i wish i found more of this before but hey! you guys helped me PASS!!
Congratulations! Well done passing the CISSP exam!!
Wonderful to hear that our videos helped you in your achievement!
Excellent explanation!! 👏👏👏 thanks for your time to explain in details how the protocol works!
Best video on Kerberos
the best explanation ever, thank you!
Great explanation... not only animation is easily understandable but also your voice explanation is easily digestable to viewers like me, (not native to english language) Thanks
Best video on the topic.
Beautiful presentation!
Thank you very much!
Outstanding. The best explanation I have ever seen. Thank you!!!
You're very welcome!
The best video on Kerberos, thank you mate! : )
I am asking myself how I am not getting confused with all these keys, you did some great work there!
Hey Rob, this is an elaborated explanation I was looking for thanks again! Hope to see more videos on CISSP concepts/domains.
You're welcome! All the best in your studies!
Thank you very much for the understandable and detailed explanation of Kerberos protocol. No one else on the internet did so. That video is amazing
thank you so much for this video on kerberos as i was stuck on this concept! Props to you! Keep it up man!
Thank you for taking the time to make this video. I always "kind" of understood what kerberos did but this is a very good explanation.
Excellent video , voice is clear and illustrations are perfect , I liked it when he says “note” !
haha! Thanks!
thank you very much. As a beginner this video is helpful. I appreciate it.
Tremendous video. I've been doing hack the box machines a ton lately in prep for oscp and always avoided AD/kerberos machines. I believe that you can't perform attacks on a service, or at least not with confidence and accuracy, if you don't know how the underlying tech works. Every article on kerberos makes things just seem incredibly complicated and led me to shy away from kerberos and AD. This video was terrific though. Great explanations and great visuals. Well done! Should definitely pay dividends for the box I am working on now. Thank you.
This is wonderful feedback to hear! Thank you! I completely agree that you can’t effectively attempt to find vulnerabilities in a service unless you understand how it works. I’m glad to hear the video helped provide that basic understanding for you.
@destcert Quick follow up question. I've been looking into pre auth and I can't seem to wrap my head around how it is implemented, or not implemented, in the example you provided.
Would pre authentication mean that the very first request sent from client to AS would need to be encrypted with the user's password? Then, if the AS could decrypt the message, it would send the TGT and accompanying message encrypted with client secret key (the one that contains the TGS session key). I'm looking at pre auth attacks and it seems that if pre auth is disabled, so just the username being sent like in the video, a user would receive the two encrypted messages back from the AS, then would be able to crack the client secret key and retrieve the user's password. That makes most sense to me and with other things I have been reading. If I am wrong, please let me know.
Amazing and easy to understand ... didn't know how much was involved with Kerberos
A great visual representation for someone like me who was looking for additional materials to better understand this stuff as I look into the IT field, thank you very much
You're very welcome! Glad it was helpful!
A video series on other authentication protocols such as openID or webAuthN would be greatly appreciated. Something on SPNs in a Windows domain environment as well
Hope i can repeatedly hit the like button. Most comprehensive explanation ever
Man I gotta give this one a like. Most detailed explanation I've seen!
Well done! Visuals and explanation of the process. Thank you.
The best explanation!
Outstanding ! indeed . very illustrative
Very Well Explained .. Thanks for that Sir
whew, that's heavy. Great job of breaking that down for us. I'd LOVE a copy of that chart!
Who are the 3 people who have disliked this?!! (Ironic twisted question) Ha ha. Thank you! Awesome detail, visual, and as others have stated, perfect pacing for mental comprehension. This has helped me so much!
What great explanations! Really like the relatively simple breakdown and the full technical data flow
this video is so good that I needed to have an offline copy of it so that in case a disaster impacts all the google servers, especially youtube's, I would still be able to watch the video😂.
thanks for this great explanation.
Just wanted to say, you are the man! Great CISSP training resource. Small critique, feel free to lighten the script on some of the videos. Try to give it a more relaxed feel in the delivery when recording. The visuals are fantastic. =)
I'm glad the video was helpful. I also really appreciate your feedback. I'm new to making these videos and I have a lot to learn!
Best explanation of kerberos on the internet. Thanks
Wow! Thanks!
What an excellent explanation. Loved it
Brilliant explanation!
Thanks for making this video available to us. This is explained very layman and I found it useful to further understand kerberoasting attack and golden ticket persistence mechanism. Thanks a bunch!
Such an articulate presentation, well presented and incredibly easy to follow. You have a talent for teaching, sir.
Have been watching several Kerberos videos before yours, and the amount of attention to detail that was presented in a digestible format along with fantastic visual aids really helped me to understand the topic better than any other videos I've seen so far. Kudos to you, keep up the great work!
Amazing and simplified explanation
one of the best explanation of kerberos ( if i don't say the best). thank you very much!
I really LOVE your presentation; easy to follow, OUTSTANDING, but not perfect :) Error at 04:03. The TGT is sent back to the user along with another message encrypted with the users (PASSWORD), not (Users Secret Key) as stated. Neither the AS nor TGS, or anyone else for that matter will have the Users Secret Key.