Detecting Forged Kerberos Ticket (Golden Ticket & Silver Ticket) Use in Active Directory

Over the last 6 months, I have been researching forged Kerberos tickets, specifically Golden Tickets, Silver Tickets, and TGTs generated by MS14-068 exploit code (a type of Golden Ticket). I generated forged Kerberos tickets using Mimikatz (Mimikatz Command Reference) and MS14-068 exploits and logged the results. Over the course of several weeks, I identified anomalies … Continue reading Detecting Forged Kerberos Ticket (Golden Ticket & Silver Ticket) Use in Active Directory

Active Directory Security