Active Directory & Enterprise Security, Methods to Secure Active Directory, Attack Methods & Effective Defenses, PowerShell, Tech Notes, & Geek Trivia…

Tag: DetectSilverTicket

Jan 05 2016

Mimikatz Update Fixes Forged Kerberos Ticket Domain Field Anomaly – Golden Ticket Invalid Domain Field Event Detection No Longer Works

By Sean Metcalf in ActiveDirectorySecurity, Microsoft Security

In late 2014, I discovered that the domain field in many events in the Windows security event log are not properly populated when forged Kerberos tickets are used. The key indicator is that the domain field is blank or contains the FQDN instead of the short (netbios) name and depending on the tool used to …

ActiveDirectory, ActiveDirectorySecurity, ADSecurity, DetectForgedKerberoTicket, DetectGoldenTicket, DetectingForgedKerberosTicket, DetectSilverTicket, ForgedKerberosTicket, GoldenTicket, kerberos::golden, mimikatz, SilverTicket

May 03 2015

Detecting Forged Kerberos Ticket (Golden Ticket & Silver Ticket) Use in Active Directory

By Sean Metcalf in Microsoft Security

Over the last 6 months, I have been researching forged Kerberos tickets, specifically Golden Tickets, Silver Tickets, and TGTs generated by MS14-068 exploit code (a type of Golden Ticket). I generated forged Kerberos tickets using Mimikatz (Mimikatz Command Reference) and MS14-068 exploits and logged the results. Over the course of several weeks, I identified anomalies …

ActiveDirectory, ActiveDirectorySecurity, ADSecurity, DetectGoldenTicket, DetectingForgedKerberosTicket, DetectSilverTicket, ForgedKerberosTicket, GoldenTicket, SilverTicket

Copyright

Content Disclaimer: This blog and its contents are provided "AS IS" with no warranties, and they confer no rights. Script samples are provided for informational purposes only and no guarantee is provided as to functionality or suitability. The views shared on this blog reflect those of the authors and do not represent the views of any companies mentioned. Content Ownership: All content posted here is intellectual work and under the current law, the poster owns the copyright of the article. Terms of Use Copyright © 2011 - 2020.

Made with by Graphene Themes.

Tag: DetectSilverTicket

Mimikatz Update Fixes Forged Kerberos Ticket Domain Field Anomaly – Golden Ticket Invalid Domain Field Event Detection No Longer Works

Detecting Forged Kerberos Ticket (Golden Ticket & Silver Ticket) Use in Active Directory

Recent Posts

Trimarc Active Directory Security Services

Popular Posts

Categories

Recent Posts

Recent Comments

Archives

Categories

Meta

Copyright

Tag: DetectSilverTicket

Mimikatz Update Fixes Forged Kerberos Ticket Domain Field Anomaly – Golden Ticket Invalid Domain Field Event Detection No Longer Works

Detecting Forged Kerberos Ticket (Golden Ticket & Silver Ticket) Use in Active Directory

Recent Posts

Trimarc Active Directory Security Services

Popular Posts

Categories

Tags

Recent Posts

Recent Comments

Archives

Categories

Meta

Copyright