Overview#
Kerberos Forged Ticket are used as Privileged Identity exploits and have been identified as one of the most dangerous attack techniques against KerberosThese Attacks are considered the most dangerous for the following:
- Access - Once an attacker has Local Administrative Account privileges, the Attacker is possible to dump additional credentials, which if left behind in the compromised machines, enable the attacker to move laterally in the network, elevate privileges and gain unauthorized access to valuable Resources.
- Obscurity - To bypass security controls and evade detection, an attacker can reuse Kerberos tickets for impersonation of authorized users to sidestep authentication processes – disguising activity and avoiding authentication log traces.
- Advanced Persistent Threat - The days of stolen data being dumped all at once are largely over – attackers often prefer to remain on the network undiscovered for extended periods of time, funneling information out little –by – little. Kerberos attacks give attackers what they need most to do this: time. It is possible to maintain persistence with Kerberos tickets, even when credentials have been changed.
While there are several types of Microsoft Windows authentication Attacks – including Pass-the-hash, Overpass-the-Hash and Pass-the-ticket – the most destructive of all is the Golden Ticket.
