Fix for asktgt: /opsec flag is not respected when using PKINIT with /certificate #162

Open. Wants to merge 3 commits into base: master

MexHigh commented Jun 5, 2023

This MR implements the /opsec flag in all overloaded functions used for asktgt with PKINIT. Previously, the /opsec flag only had an effect when using password authentication.

This has the effect that the Defender for Identity alert "Suspicious certificate usage over Kerberos protocol (PKINIT)" will not be triggered (ref: https://techcommunity.microsoft.com/t5/microsoft-365-defender-blog/microsoft-defender-for-identity-now-detects-suspicious/ba-p/3743335).

Closes #161

MexHigh added 3 commits June 2, 2023 13:06
- Applied opsec params to necessary overloads
- Removed unused opsec flag from InnerTGT function
- Added some justification comments to overloaded functions

TH3xACE commented Dec 6, 2024

I think that MDI solution has evolved... even with this modification which is great btw... it is now being flagged. The only way that I think that could help bypass it... is by also making some amendment on the section for the PA_DATA.

Successfully merging this pull request may close these issues.

asktgt: /opsec flag is not respected when using PKINIT with /certificate