# Kerberos

<details>

<summary>Table of Contents</summary>

* Introduction
* History
  * Project Athena

</details>

## Introduction

With an ever-evolving technological landscape teeming with ubiquitous endpoints, devices, nodes, users, etc., seamless intra/inter-communication has proven *essential*. This is where Active Directory (hereafter, "AD") comes in. With over 90% of Fortune 500 companies using it, it's important to become well acquainted with AD, its mechanisms and protocols, and *especially* its dozens of quirks and eyebrow-raising "features" [that Microsoft refuses to fix](#user-content-fn-1)[^1].

We could cover an endless number of topics, *especially* in AD security. However, the best place to start is perhaps the *backbone* of AD authentication: Kerberos (specifically, Kerberos v5). After all, some of the most famous AD-related attacks are brought on by the quirks of Kerberos. Practically every stage of the authentication protocol has a dedicated attack. For example, we have:

* Shadow Credentials.
* Preauth Bruteforcing.
* Silver, Golden, Diamond, and Sapphire Tickets.
* Kerberoasting, ASREP-Roasting, and ASREQ-Roasting.
* Constrained Delegation, Unconstrained Delegation, Resource-based Constrained Delegation.
* Passing the Hash (PTH), Overpassing the Hash (OPTH), Passing the Ticket (PTT), Passing the Cache, and Passing the Certificate.

{% hint style="warning" %}
The following section is just lore. If you're a boring nerd who doesn't care for fun, click here to skip the history sections of the blog and go straight to how Kerberos works.
{% endhint %}

## History

Cerberus, known as the "hound of Hades", was a multi-headed hellhound and Hades' *personal* gatekeeper, who guarded the gates of hell in Greek mythology. It prevented the dead from escaping hell and, conversely, prevented the living from invading it. The hellish inferno puppy was the offspring of two (2) equally horrific monsters: Typhoeus (known as the "father of all monsters"), regarded as the mightiest and deadliest monster in Greek mythology and adorned with a hundred fire-breathing heads that never sleep, and Echidna (known as the "mother of all monsters"), a half-woman, half-serpentine creature. While Cerberus' depiction varies, it's often shown with three (3) heads, and maybe some snakes for its tail. Other depictions, however, have shown as many as fifty (50) or one hundred (100) heads, with snakes coming from all parts of its body.

As is described in Dante's Inferno:

> "Cerberus, cruel monster, fierce and strange, Through his wide threefold throat barks as a dog Over the multitude immers'd beneath. His eyes glare crimson, black his unctuous beard, His belly large, and claw'd the hands, with which He tears the spirits, flays them, and their limbs Piecemeal disparts. Howling there spread, as curs, Under the rainy deluge, with one side The other screening, oft they roll them round, A wretched, godless crew. When that great worm Descried us, savage Cerberus, he op'd His jaws, and the fangs show'd us; not a limb Of him but trembled. Then my guide, his palms Expanding on the ground, thence filled with earth Rais'd them, and cast it in his ravenous maw. E'en as a dog, that yelling bays for food His keeper, when the morsel comes, lets fall His fury, bent alone with eager haste To swallow it; so dropp'd the loathsome cheeks Of demon Cerberus, who thund'ring stuns The spirits, that they for deafness wish in vain."
>
> — Dante Alighieri, *The Divine Comedy: Inferno*. Translated by Rev. Henry Francis Cary, M.A., Canto VI.

<figure><img src="/files/xE81mSu7RmaAPxIruFir" alt=""><figcaption><p>Virgil feeding Cerberus, Cerberus by Gustave Doré, 1866</p></figcaption></figure>

### Project Athena

After covering the ~~necessary~~ lore, we can move on to what we're *actually* here for: the Kerberos authentication protocol. Believe it or not, Kerberos has been around longer than most of you reading this (myself included). It was created during the early 80s as part of MIT's "Athena" project.

> "Project Athena was a campus-wide effort to make the tools of computing available to every discipline at the Institute and provide students with systematic access to computers. A new project that featured computer workstations and educational programming, Athena was a milestone in the history of distributed systems and inspired programs like Kerberos. It also revolutionized educational computing for the Institute and beyond, and created the computing environment that many students and faculty still work in today."
>
> — Eva Charles Anna Frederick, [Looking back at Project Athena](https://news.mit.edu/2018/mit-looking-back-project-athena-distributed-computing-for-students-1111)

## Kerberos Authentication

{% hint style="warning" %}
Note that Kerberos is only responsible for authentication and *not* authorization. Recall the difference between these terms.

> "In simple terms, authentication is the process of verifying who a user is, while authorization is the process of verifying what they have access to."
>
> — Auth0, [Authentication vs. Authorization](https://auth0.com/docs/get-started/identity-fundamentals/authentication-and-authorization)
{% endhint %}

Before delving into Kerberos' mechanisms and procedures in excruciating detail, we need to discuss and understand some general AD terms that come into play throughout.

### Realm

### Key Distribution Center (KDC)

[^1]: This is such a big thing in the AD security world that certain attacks are denoted with "Won't fix", to cement the fact that, indeed, it's just become a feature for AD and Microsoft will not be fixing it anytime soon, if at all.


