Jake Karnes

Jake Karnes

Managing Consultant at NetSPI

Jake Karnes is a managing consultant at NetSPI where he specializes in application and cloud penetration testing and contributes to the development of applications and tools for the NetSPI penetration testing team. Jake earned his B.S. in Computer Science from San Jose State University and holds the GIAC Certified Incident Handler and Certified Ethical Hacker certifications.

Presentation Abstract

CVE-2020-17049: Kerberos Bronze Bit Attack – Explained and Exploited

In this presentation, NetSPI’s Jake Karnes explains the inner workings of CVE-2020-17049: The Kerberos Bronze Bit Attack. When exploited, it allows an attacker to bypass security features and escalate privileges within an Active Directory domain. Hear directly from the consultant who discovered the vulnerability and responsibly disclosed it to Microsoft, who provided patches in late 2020.

If a better understanding of the Kerberos protocol and Microsoft’s use of Kerberos Delegation has been on your “to-do” list, here’s a great opportunity to dive in and learn more. Additionally, learn about the vulnerability and its exploit, including its potential impact in a compromised environment. Receive a demonstration of the exploit in action to see how an attacker can escalate privileges from a compromised user account to gain access to sensitive systems.