Attack Tutorial: How a Golden Ticket Attack Works

  • Date added: 8. 09. 2024
  • This video explains what information an attacker needs to carry out a Golden Ticket attack, details the techniques involved and demonstrates the attack in action.
    In short, adversaries use a tool like mimikatz to extract password hashes for the KRBTGT account and use them to forge Kerberos ticket-granting tickets (TGTs) whose granted access the adversary controls. These are called Golden Tickets because they can provide unlimited and virtually undetectable access to any system connected to Active Directory.
    To learn more about this attack and how to mitigate, detect and respond to it, go to: www.netwrix.co...
    Learn about other attacks in our attack catalog: www.netwrix.co...

Comments • 10

  • @kmnews 2 years ago +4

    These are extremely helpful, thank you for making these videos!

  • @UnknownUnknown-ss9je 1 year ago +1

    Hi,
    I have watched your videos and they are really helpful for understanding how it works.
    Could you please provide some of the mitigation and prevention to eradicate the attack?
    Thank you!

  • @NH-ic3ri 1 year ago

    Great video

  • @gisselleguzman381 1 year ago

    Very nice!

  • @bryanmccaffrey4385 1 month ago

    Steve Holt!!

  • @fdis_me809 6 months ago

    Great vid thank you. How did you get mimikatz to run on the Windows box without Defender kicking in?

  • @dpkseth22 1 year ago

    What exact artifacts (command-line / registry / file-folder behavior) will confirm that the symptoms belong to a Golden Ticket?

  • @zomgoose 1 month ago

    SCARY!!!

  • @shubhamsavita2163 1 year ago

    I am still seeing "Access Denied" after storing the key in the last part. I basically have two VMs, one for the DC and another for the User (gets its IP from the DC). I am running these commands from the User to access DC escalated privileges.