Bypassing Entra ID Conditional Access Like APT
A Deep Dive Into Device Authentication Mechanisms for Building Your Own PRT Cookie
Speaker: Yuya Chudo
Contributor: Takayuki Hatakeyama
#BHASIA @BlackHatEvents

Whoami
- Yuya Chudo, Senior Advisor, Secureworks Japan K.K.
- Provides red teaming service for enterprises, mainly in Japan

Agenda
- Introduction
- Microsoft Entra ID Device Authentication Mechanism
- Device Authentication Internals and Abuse
- Demo
- Mitigation
- Conclusion

Introduction

Spear-phished & Compromised Active Directory
- Attacker (me) -> Corporate Device -> Active Directory
- Dumped credentials with Domain Admin privilege

Pivoting to the Cloud
- Cracked password: aadadmin / qwerty1234
- Attacker -> Microsoft Entra ID: blocked by Entra ID Conditional Access

Conditional Access in Microsoft Entra ID
- "brings signals together, to make decisions, and enforce organizational policies."
- Signals: User/Group, Device, Application, Network

Requires Corporate Device for Access
- Device-based Conditional Access policy: "Require Microsoft Entra hybrid joined device" or "Marked as compliant"
- Blocked by Entra ID Conditional Access: how can we bypass a device-based Conditional Access policy?

Goal
- Bypass device-based Conditional Access policy and gain access as any user with their credentials

Microsoft Entra ID Device Authentication Mechanism

Device Registration
- #1: Device key (dkpub/dkpriv) and Transport key (tkpub/tkpriv) are generated
- #2: dkpub and tkpub are sent to Microsoft Entra ID
  Device (win11pc01): "My device name is 'win11pc01' and here are my keys: dkpub, tkpub"

Authentication Flow (Browser SSO)
- #1: Send logon request signed by Device key (dkpriv)
  Microsoft Entra ID: "Let me validate if the request is signed by the 'win11pc01' Device key"
  The request is a JSON Web Signature by Device key (dkpriv): RSASHA256(base64UrlEncode(header) + "." + base64UrlEncode(payload))
- #2: Receive PRT (Primary Refresh Token) and session key
  Microsoft Entra ID: "Okay, you are 'win11pc01'. Here are the PRT and session key"
  PRT: can be used for Single Sign-On
  Session key (encrypted): can be decrypted by Transport key and used for signing
- #3: Send PRT Cookie signed by session key
  Microsoft Entra ID: "Let me check if the valid session key bound to the device is used for signing"

Device Authentication Mechanism (summary)
- Device key and Transport key are generated and registered
- Microsoft Entra ID identifies the device in the tenant by signatures of the Device key and the session key
- The session key can be used once decrypted by the Transport key
- By signing a specific user's logon request and PRT with the keys, we can access resources as a registered device

Prior Research
- Device key, Transport key and session key are securely stored in the TPM (Trusted Platform Module) if available
- Exporting a derived key of the session key for creating a PRT Cookie was discovered by Benjamin Delpy and Dirk-jan Mollema (patched as CVE-2021-33781)

Research Idea
- If we understand how the TPM-stored keys are handled, can we still abuse them for faking a device?

Device Authentication Internals and Abuse

How Google Chrome Handles Browser SSO
- Chrome (Windows Accounts Extension) -> BrowserCore.exe -> MicrosoftAccountTokenProvider.dll (GetCookieInfoForUri) -> PRT Cookie
- Abuse for PRT Cookie theft:
  BrowserCore approach (ROADtoken by Dirk-jan Mollema)
  DLL approach (RequestAADRefreshToken by Lee Christensen)

Reversing GetCookieInfoForUri
- Data is sent to an authentication package in lsass.exe for PRT Cookie retrieval
- The JSON data sent to lsass.exe includes "call" and "payload" values
- The JSON data is passed to CloudAP and aadcloudap
  CloudAP (Cloud Authentication Provider): modern authentication provider for Windows sign-in
  aadcloudap (Microsoft Entra CloudAP Plugin): verifies user credentials with Microsoft Entra ID
- Functions in aadcloudap are invoked: aadcloudap!GenericCallPackageHelper::GenericCallPackage

What's happening during browser SSO
- Chrome -> BrowserCore.exe -> MicrosoftAccountTokenProvider.dll (GetCookieInfoForUri) -> LsaCallAuthenticationPackage (RPC) -> lsass.exe -> aadcloudap
- The call number and payload select the aadcloudap function: SignPayload, CreateSSOCookie, GetPrtAuthority, CheckDeviceKeysHealth, GenerateBindingClaims (call numbers 1, 2, 3, 4 and 15 on the slide)
- Result: PRT Cookie returned to the caller

Replicating the flow for another PRT Cookie theft
- Malware can skip Chrome, BrowserCore.exe and MicrosoftAccountTokenProvider.dll and call LsaCallAuthenticationPackage directly with the same call number and payload
- Abuse for PRT Cookie theft:
  BrowserCore approach (ROADtoken by Dirk-jan Mollema)
  DLL approach (RequestAADRefreshToken by Lee Christensen)
  New! LsaCallAuthenticationPackage approach
- The retrieved PRT Cookie allows us to gain access as a logged-on user
- To achieve the initial goal, we want to sign a user's logon request with the Device key
- The "SignPayload" function in aadcloudap looks interesting

Reversing aadcloudap!SignPayload (decompiled)
    __int64 __fastcall GenericCallPackageHelper::SignPayload(
        struct AadContextFunctions *this,
        struct PluginState *pluginState_a2,
        struct CSecureString *payload_a3,
        void *hToken_a4,
        struct _AP_BLOB *accountInfo_a5,
        struct CSecureString *outBuffer_a6)
    ...
    LODWORD(status_v28) = CheckPackageSidForRequestSign(this, hToken_a4);
    ...
    LODWORD(status_v28) = BuildDeviceAuthAssertion(this, pluginState_a2, payload_a3, bKdf_v10, assertion_v29);

BuildDeviceAuthAssertion
- Data sent by LsaCallAuthenticationPackage: call: 1, payload: { username: "employee01", password: "***", request_nonce: "AwABAAEAAAACAOz_(snip)xqKRkgAA", (snip) }
- Data returned to the caller process: a base64url-encoded JWS header.payload.signature signed by Device key (dkpriv); the header on the slide decodes to {"alg": "RS256", "typ": "JWT", ...} and the payload to the username and the other request fields

CheckPackageSidForRequestSign
- Checks if the caller process's SID is S-1-15-2-1910091885-1573563583-1104941280-2418270861-3411158377-2822700936-2990310272
- Without the valid SID, BuildDeviceAuthAssertion is not called and SignPayload doesn't generate a Device-key-signed request
- The SID is for the AppContainer "AAD token broker"
- With some tricks, we can impersonate this SID!

Impersonate AAD token broker for Device key signing
- Malware impersonates AAD token broker (S-1-15-2-19...1) -> LsaCallAuthenticationPackage (RPC, call number + payload) -> lsass.exe -> aadcloudap.dll SignPayload -> signed logon request
- Send the logon request signed by Device key to Microsoft Entra ID

Abusing aadcloudap for Device key signing
- We can sign an arbitrary user's logon request with the Device key stored in the TPM, thanks to aadcloudap loaded in lsass.exe
- The signed request gives us that user's PRT and encrypted session key
- For browser SSO access, we still need to decrypt the encrypted session key with the Transport key and sign the PRT with it

Undocumented APIs to interact with the session key
- cryptngc.dll functions are imported by aadcloudap.dll
- cryptngc.dll provides the interface for device-stored cryptographic keys

RPC Call for Your Needs
- NgcImportSymmetricPopKey: caller process sends the encrypted session key -> NgcPop KeyService (lsass.exe) decrypts it with the Transport key (TPM) -> returns a DPAPI-protected session key blob
- NgcSignWithSymmetricPopKey: caller process sends the DPAPI-protected session key blob and the signing input -> signed by the session key (TPM) -> returns the session key signature

Sign PRT with session key
- The undocumented APIs can import the session key and decrypt it; the imported session key can then be used for signing
- JWS header.payload(PRT included).signature, signed by the session key -> PRT Cookie
- Got our own PRT Cookie!

Overview of the entire flow (Browser SSO)
1. Compromise corporate machine
2. Sign logon request by Device key using aadcloudap
3. Send signed logon request
4. Receive PRT and encrypted session key
5. Import session key to TPM and decrypt it by Transport key
6. Create PRT Cookie by session key
7. Send PRT Cookie from the attacker's machine for browser SSO

Authentication Flow (App Token Requests)
- A session-key-signed PRT can also give us encrypted app tokens (access token / refresh token)
- Device (win11pc01) sends a JWT containing the PRT signed by the session key; Microsoft Entra ID returns app tokens (encrypted)
- Encrypted app tokens can be decrypted by the session key; there is another undocumented API useful for this
- Result: Access Token, Refresh Token

Attack TL;DR #1
- By abusing TPM-stored keys, attackers can create a PRT Cookie or acquire app tokens for arbitrary users with their credentials
- Administrator privilege is not needed for this attack
- Allows attackers to bypass device-based Conditional Access policy

Explore more for "Passwordless"
- Found that other undocumented APIs allow us to interact with Windows Hello for Business (WHfB) keys stored in the TPM

Windows Hello for Business
- User key (ukpub/ukpriv) is registered to Microsoft Entra ID and allows user authentication without a password
- Authenticating with WHfB keys: Device sends a dkpriv-signed request containing ukpriv-signed data; Microsoft Entra ID returns the PRT and session key (encrypted)

Combining all together with WHfB
- Interacting with all the secret keys, we can authenticate to Entra ID with WHfB keys and create a PRT Cookie without a password
- The access token received via WHfB has deviceid and mfa claims

Attack TL;DR #2
- Attackers can create a PRT Cookie or acquire app tokens through WHfB keys without a password
- Allows attackers to bypass Conditional Access policy based on device and MFA
- Needs compromise of another WHfB-configured device for switching accounts

Demo

BAADTokenBroker
PowerShell-based script for leveraging TPM-stored keys to bypass Microsoft Entra ID Conditional Access
URL: https:/

Command            Description
Request-PRTCookie  Request PRT Cookie of the logged-on user, directly talking to lsass
Create-PRTCookie   Create PRT Cookie of any user with their credentials or WHfB keys
Acquire-Token      Acquire access tokens and refresh tokens of any user with their credentials or WHfB keys

Mitigation

Prevention
- Microsoft has responded that this attack is expected behavior
- Microsoft strongly recommends requiring MFA for all users with Conditional Access, not only requiring a corporate device
- This makes it harder for attackers to move laterally between accounts with just passwords

Detection
- Monitor suspicious RPC activity and cryptngc function calls
- Investigate Entra ID sign-in logs for multiple accounts signing in from the same device:
    SigninLogs
    | where DeviceDetail.deviceId == "<deviceId>"
    | where ResultType == 0
    | where AppId == "29d9ed98-a469-4536-ade2-f981bc1d605e" // Broker AppId

Conclusion

Black Hat Asia Sound Bytes
- RPC calls and undocumented APIs allow attackers to interact with keys securely protected by the TPM
- TPM-stored keys can be abused for bypassing Entra ID Conditional Access once your corporate device is compromised
- Review your Conditional Access policies to make it harder for attackers to pivot to the cloud, and monitor suspicious activities

Q&A
TEMP43487580
yuya-chudo-2601a596

Thank you

Reference
https:/
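The Detection slide above filters SigninLogs by device, success and the broker AppId but leaves the "multiple accounts from the same device" aggregation to the analyst. The following added example (not from the deck or the BAADTokenBroker project) implements that aggregation over constructed SigninLogs-shaped JSON lines: it applies the same three filters and then flags any deviceId on which at least min_users distinct UPNs completed a successful broker sign-in within a time window. The record layout, device ids and user names are constructed; only the broker AppId is from the page.

```python
import json
from collections import defaultdict
from datetime import datetime, timedelta

# Microsoft Authentication Broker AppId, as quoted in the deck's KQL query
BROKER_APP_ID = "29d9ed98-a469-4536-ade2-f981bc1d605e"

# Constructed SigninLogs-shaped records (JSON lines); not real tenant data.
SAMPLE_SIGNIN_LOGS = """\
{"TimeGenerated":"2024-04-18T08:00:00Z","UserPrincipalName":"employee01@example.com","ResultType":"0","AppId":"29d9ed98-a469-4536-ade2-f981bc1d605e","DeviceDetail":{"deviceId":"dev-aaa"}}
{"TimeGenerated":"2024-04-18T09:30:00Z","UserPrincipalName":"employee02@example.com","ResultType":"0","AppId":"29d9ed98-a469-4536-ade2-f981bc1d605e","DeviceDetail":{"deviceId":"dev-aaa"}}
{"TimeGenerated":"2024-04-18T08:10:00Z","UserPrincipalName":"employee03@example.com","ResultType":"0","AppId":"29d9ed98-a469-4536-ade2-f981bc1d605e","DeviceDetail":{"deviceId":"dev-bbb"}}
{"TimeGenerated":"2024-04-18T12:10:00Z","UserPrincipalName":"employee03@example.com","ResultType":"0","AppId":"29d9ed98-a469-4536-ade2-f981bc1d605e","DeviceDetail":{"deviceId":"dev-bbb"}}
{"TimeGenerated":"2024-04-18T10:00:00Z","UserPrincipalName":"employee04@example.com","ResultType":"0","AppId":"29d9ed98-a469-4536-ade2-f981bc1d605e","DeviceDetail":{"deviceId":"dev-ccc"}}
{"TimeGenerated":"2024-04-18T10:05:00Z","UserPrincipalName":"employee05@example.com","ResultType":"50126","AppId":"29d9ed98-a469-4536-ade2-f981bc1d605e","DeviceDetail":{"deviceId":"dev-ccc"}}
{"TimeGenerated":"2024-04-18T10:20:00Z","UserPrincipalName":"employee06@example.com","ResultType":"0","AppId":"11111111-1111-1111-1111-111111111111","DeviceDetail":{"deviceId":"dev-aaa"}}
"""

def load_signin_logs(text):
    """Parse a JSON-lines export into a list of dicts, skipping blank lines."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]

def find_multi_user_devices(rows, min_users=2, window=timedelta(hours=24)):
    """Return {deviceId: sorted UPNs} for every device on which at least
    min_users distinct users had a successful broker sign-in within `window`.
    Same filters as the deck's KQL, plus the per-device distinct-user check."""
    by_device = defaultdict(list)
    for r in rows:
        # ResultType is a string column in Log Analytics; normalise before comparing
        if str(r.get("ResultType")) != "0" or r.get("AppId") != BROKER_APP_ID:
            continue
        device_id = (r.get("DeviceDetail") or {}).get("deviceId")
        if not device_id:
            continue  # no registered device on this sign-in: nothing to pivot on
        ts = datetime.strptime(r["TimeGenerated"], "%Y-%m-%dT%H:%M:%SZ")
        by_device[device_id].append((ts, r["UserPrincipalName"]))
    hits = {}
    for device_id, events in by_device.items():
        events.sort()
        for i, (start, _) in enumerate(events):  # slide a window from each event
            users = {upn for ts, upn in events[i:] if ts - start <= window}
            if len(users) >= min_users:
                hits[device_id] = sorted(users)
                break
    return hits

if __name__ == "__main__":
    for dev, users in find_multi_user_devices(load_signin_logs(SAMPLE_SIGNIN_LOGS)).items():
        print(f"{dev}: successful broker sign-ins by {len(users)} users: {', '.join(users)}")
```

Only dev-aaa is reported: the failed sign-in on dev-ccc and the non-broker sign-in on dev-aaa are excluded by the same filters the slide's query applies, and dev-bbb has a single user.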