SlideShare a Scribd company logo

Golden Ticket Attack - AD - Domain Persistence

•Download as PPTX, PDF•
•
Mohammed Adam
Mohammed Adam

A Golden Ticket attack is a kind of cyberattack targeting the access control privileges of a Windows environment where Active Directory (AD) is in use.

Technology
1 of 13
Golden Ticket Attack Presented by Mohammed Adam
What is Golden ticket Attack ?? ATT&CK ID: T1558.001 • A Golden ticket attack is a post exploitation attack, and it is meant for domain persistence. • Adversaries who have the KRBTGT account password hash may forge Kerberos ticket-granting tickets (TGT), also known as a golden ticket. • Golden tickets enable adversaries to generate authentication material for any account in Active Directory. • Using a golden ticket, adversaries able to request ticket granting service (TGS) tickets, which enable access to specific resources. • Golden tickets require adversaries to interact with the Key Distribution Center (KDC) in order to obtain TGS.
Before diving into Golden ticket attack, lets quickly recap on how Kerberos authentication works ! • User workstation: Begins the communication for a authentication server request. • Key Distribution Center (KDC): KBRTGT account acts as a service account for the Key Distribution Center (KDC) and separated into three parts: Database (db), Authentication Server (AS) and Ticket Granting Server (TGS). • Authentication Server (AS): Verify client authentication. If the logged user is authenticated successfully the AS issues a ticket called TGT. • Ticket Granting Ticket (TGT): confirms to other servers that user has been authenticated. • Ticket Granting Server (TGS): User request for TGS from the KDC that will be used to access the service of the application server. • Application Server: The server with the service the user wants to access.
What is KRBTGT ? It acts as a service account for KDC (key distribution center) service KRBTGT account is created automatically when a new domain is created (Default account) This account cannot be deleted, account name cannot be changed, and it cannot be enabled in Active Directory. Every AD domain has an associated KRBTGT account to encrypt and sign all Kerberos tickets for the domain. The KRBTGT account should stay disabled Importantly, before sending a TGT, the KDC encrypts it using the password hash for the KRBTGT account. That password hash is shared among all the DCs in the Active Directory domain so that they can read the TGTs they receive when users request access to various resources.
Requirements for forging TGT Domain Name SID KRBTGT Account NTLM password hash Impersonate user
Dump the krbtgt Hash !
Creation of Golden ticket
Use the Golden Ticket to access other machine
Use the Golden Ticket to access other machine (Contd.)
Work arounds Golden ticket have lifespan of 10years or more For previously generated golden ticket, reset the built-in KRBTGT account password twice, which will invalidate any existing golden tickets. Consider rotating the KRBTGT account password every 180 days. And Restrict minimum number of domain admins & groups that provide logon rights to DCs.
Reference • https://software.intel.com/sites/manageability/AMT_Implementation_and_Reference_Guide/default.htm ?turl=WordDocuments%2Fintroductiontokerberosauthentication.htm • https://attack.mitre.org/techniques/T1558/001/ • https://www.hackingarticles.in/domain-persistence-golden-ticket-attack/ • https://github.com/gentilkiwi/mimikatz/wiki/module-~-kerberos#golden • https://tryhackme.com/room/postexploit
Thank you all & Happy Weekend !

Recommended

Golden ticket, pass the ticket mi tm kerberos attacks explained
Golden ticket, pass the ticket mi tm kerberos attacks explainedGolden ticket, pass the ticket mi tm kerberos attacks explained
Golden ticket, pass the ticket mi tm kerberos attacks explainedPeter Swedin
 
Crypto Wallets: A Technical Perspective (Nakov at OpenFest 2018)
Crypto Wallets: A Technical Perspective (Nakov at OpenFest 2018)Crypto Wallets: A Technical Perspective (Nakov at OpenFest 2018)
Crypto Wallets: A Technical Perspective (Nakov at OpenFest 2018)Svetlin Nakov
 
Kerberos
KerberosKerberos
KerberosSparkbit
 
Ppt on sql injection
Ppt on sql injectionPpt on sql injection
Ppt on sql injectionashish20012
 
Ethereum Mining How To
Ethereum Mining How ToEthereum Mining How To
Ethereum Mining How ToNugroho Gito
 
Authentication techniques
Authentication techniquesAuthentication techniques
Authentication techniquesIGZ Software house
 
Sql injection
Sql injectionSql injection
Sql injectionMehul Boghra
 
Cross site scripting
Cross site scriptingCross site scripting
Cross site scriptingkinish kumar
 

Recommended

Golden ticket, pass the ticket mi tm kerberos attacks explained
Golden ticket, pass the ticket mi tm kerberos attacks explainedGolden ticket, pass the ticket mi tm kerberos attacks explained
Golden ticket, pass the ticket mi tm kerberos attacks explainedPeter Swedin
 
Crypto Wallets: A Technical Perspective (Nakov at OpenFest 2018)
Crypto Wallets: A Technical Perspective (Nakov at OpenFest 2018)Crypto Wallets: A Technical Perspective (Nakov at OpenFest 2018)
Crypto Wallets: A Technical Perspective (Nakov at OpenFest 2018)Svetlin Nakov
 
Kerberos
KerberosKerberos
KerberosSparkbit
 
Ppt on sql injection
Ppt on sql injectionPpt on sql injection
Ppt on sql injectionashish20012
 
Ethereum Mining How To
Ethereum Mining How ToEthereum Mining How To
Ethereum Mining How ToNugroho Gito
 
Authentication techniques
Authentication techniquesAuthentication techniques
Authentication techniquesIGZ Software house
 
Sql injection
Sql injectionSql injection
Sql injectionMehul Boghra
 
Cross site scripting
Cross site scriptingCross site scripting
Cross site scriptingkinish kumar
 
kerberos
kerberoskerberos
kerberossameer farooq
 
Introduction to Cryptography
Introduction to CryptographyIntroduction to Cryptography
Introduction to CryptographySeema Goel
 
Sql injection
Sql injectionSql injection
Sql injectionPallavi Biswas
 
Kerberos : An Authentication Application
Kerberos : An Authentication ApplicationKerberos : An Authentication Application
Kerberos : An Authentication ApplicationVidulatiwari
 
Sqlmap
SqlmapSqlmap
SqlmapInstitute of Information Security (IIS)
 
What is Cryptojacking and How Can I Protect Myself?
What is Cryptojacking and How Can I Protect Myself?What is Cryptojacking and How Can I Protect Myself?
What is Cryptojacking and How Can I Protect Myself?Global Knowledge Training
 
SQL Injections (Part 1)
SQL Injections (Part 1)SQL Injections (Part 1)
SQL Injections (Part 1)n|u - The Open Security Community
 
Introduction to Cross Site Scripting ( XSS )
Introduction to Cross Site Scripting ( XSS )Introduction to Cross Site Scripting ( XSS )
Introduction to Cross Site Scripting ( XSS )Irfad Imtiaz
 
Saml authentication bypass
Saml authentication bypassSaml authentication bypass
Saml authentication bypassTarachand Verma
 
Basics of Cryptography - Stream ciphers and PRNG
Basics of Cryptography - Stream ciphers and PRNGBasics of Cryptography - Stream ciphers and PRNG
Basics of Cryptography - Stream ciphers and PRNGjulien pauli
 
Digital signature
Digital signatureDigital signature
Digital signatureHossain Md Shakhawat
 
Sql injection attack
Sql injection attackSql injection attack
Sql injection attackRajKumar Rampelli
 
seminar report on Sql injection
seminar report on Sql injectionseminar report on Sql injection
seminar report on Sql injectionJawhar Ali
 
Password cracking and brute force
Password cracking and brute forcePassword cracking and brute force
Password cracking and brute forcevishalgohel12195
 
Trusts You Might Have Missed
Trusts You Might Have MissedTrusts You Might Have Missed
Trusts You Might Have MissedWill Schroeder
 
CNIT 129S: Ch 7: Attacking Session Management
CNIT 129S: Ch 7: Attacking Session Management CNIT 129S: Ch 7: Attacking Session Management
CNIT 129S: Ch 7: Attacking Session Management Sam Bowne
 
Rest API Security - A quick understanding of Rest API Security
Rest API Security - A quick understanding of Rest API SecurityRest API Security - A quick understanding of Rest API Security
Rest API Security - A quick understanding of Rest API SecurityMohammed Fazuluddin
 
Zero Knowledge Proofs: What they are and how they work
Zero Knowledge Proofs: What they are and how they workZero Knowledge Proofs: What they are and how they work
Zero Knowledge Proofs: What they are and how they workAll Things Open
 
Bitcoin Keys, Addresses & Wallets
Bitcoin Keys, Addresses & WalletsBitcoin Keys, Addresses & Wallets
Bitcoin Keys, Addresses & WalletsChristopher Allen
 
introduction to cryptography
introduction to cryptographyintroduction to cryptography
introduction to cryptographyPriyamvada Singh
 
Technet.microsoft.com
Technet.microsoft.comTechnet.microsoft.com
Technet.microsoft.comKurt Kort
 
DEF CON 23 - Sean - metcalf - red vs blue ad attack and defense
DEF CON 23 - Sean - metcalf - red vs blue ad attack and defenseDEF CON 23 - Sean - metcalf - red vs blue ad attack and defense
DEF CON 23 - Sean - metcalf - red vs blue ad attack and defenseFelipe Prado
 

More Related Content

What's hot

Introduction to Cryptography
Introduction to CryptographyIntroduction to Cryptography
Introduction to CryptographySeema Goel
 
Kerberos : An Authentication Application
Kerberos : An Authentication ApplicationKerberos : An Authentication Application
Kerberos : An Authentication ApplicationVidulatiwari
 
What is Cryptojacking and How Can I Protect Myself?
What is Cryptojacking and How Can I Protect Myself?What is Cryptojacking and How Can I Protect Myself?
What is Cryptojacking and How Can I Protect Myself?Global Knowledge Training
 
Introduction to Cross Site Scripting ( XSS )
Introduction to Cross Site Scripting ( XSS )Introduction to Cross Site Scripting ( XSS )
Introduction to Cross Site Scripting ( XSS )Irfad Imtiaz
 
Saml authentication bypass
Saml authentication bypassSaml authentication bypass
Saml authentication bypassTarachand Verma
 
Basics of Cryptography - Stream ciphers and PRNG
Basics of Cryptography - Stream ciphers and PRNGBasics of Cryptography - Stream ciphers and PRNG
Basics of Cryptography - Stream ciphers and PRNGjulien pauli
 
seminar report on Sql injection
seminar report on Sql injectionseminar report on Sql injection
seminar report on Sql injectionJawhar Ali
 
Password cracking and brute force
Password cracking and brute forcePassword cracking and brute force
Password cracking and brute forcevishalgohel12195
 
Trusts You Might Have Missed
Trusts You Might Have MissedTrusts You Might Have Missed
Trusts You Might Have MissedWill Schroeder
 
CNIT 129S: Ch 7: Attacking Session Management
CNIT 129S: Ch 7: Attacking Session Management CNIT 129S: Ch 7: Attacking Session Management
CNIT 129S: Ch 7: Attacking Session Management Sam Bowne
 
Rest API Security - A quick understanding of Rest API Security
Rest API Security - A quick understanding of Rest API SecurityRest API Security - A quick understanding of Rest API Security
Rest API Security - A quick understanding of Rest API SecurityMohammed Fazuluddin
 
Zero Knowledge Proofs: What they are and how they work
Zero Knowledge Proofs: What they are and how they workZero Knowledge Proofs: What they are and how they work
Zero Knowledge Proofs: What they are and how they workAll Things Open
 
Bitcoin Keys, Addresses & Wallets
Bitcoin Keys, Addresses & WalletsBitcoin Keys, Addresses & Wallets
Bitcoin Keys, Addresses & WalletsChristopher Allen
 
introduction to cryptography
introduction to cryptographyintroduction to cryptography
introduction to cryptographyPriyamvada Singh
 

What's hot (20)

kerberos
kerberoskerberos
kerberos
 
Introduction to Cryptography
Introduction to CryptographyIntroduction to Cryptography
Introduction to Cryptography
 
Sql injection
Sql injectionSql injection
Sql injection
 
Kerberos : An Authentication Application
Kerberos : An Authentication ApplicationKerberos : An Authentication Application
Kerberos : An Authentication Application
 
Sqlmap
SqlmapSqlmap
Sqlmap
 
What is Cryptojacking and How Can I Protect Myself?
What is Cryptojacking and How Can I Protect Myself?What is Cryptojacking and How Can I Protect Myself?
What is Cryptojacking and How Can I Protect Myself?
 
SQL Injections (Part 1)
SQL Injections (Part 1)SQL Injections (Part 1)
SQL Injections (Part 1)
 
Introduction to Cross Site Scripting ( XSS )
Introduction to Cross Site Scripting ( XSS )Introduction to Cross Site Scripting ( XSS )
Introduction to Cross Site Scripting ( XSS )
 
Saml authentication bypass
Saml authentication bypassSaml authentication bypass
Saml authentication bypass
 
Basics of Cryptography - Stream ciphers and PRNG
Basics of Cryptography - Stream ciphers and PRNGBasics of Cryptography - Stream ciphers and PRNG
Basics of Cryptography - Stream ciphers and PRNG
 
Digital signature
Digital signatureDigital signature
Digital signature
 
Sql injection attack
Sql injection attackSql injection attack
Sql injection attack
 
seminar report on Sql injection
seminar report on Sql injectionseminar report on Sql injection
seminar report on Sql injection
 
Password cracking and brute force
Password cracking and brute forcePassword cracking and brute force
Password cracking and brute force
 
Trusts You Might Have Missed
Trusts You Might Have MissedTrusts You Might Have Missed
Trusts You Might Have Missed
 
CNIT 129S: Ch 7: Attacking Session Management
CNIT 129S: Ch 7: Attacking Session Management CNIT 129S: Ch 7: Attacking Session Management
CNIT 129S: Ch 7: Attacking Session Management
 
Rest API Security - A quick understanding of Rest API Security
Rest API Security - A quick understanding of Rest API SecurityRest API Security - A quick understanding of Rest API Security
Rest API Security - A quick understanding of Rest API Security
 
Zero Knowledge Proofs: What they are and how they work
Zero Knowledge Proofs: What they are and how they workZero Knowledge Proofs: What they are and how they work
Zero Knowledge Proofs: What they are and how they work
 
Bitcoin Keys, Addresses & Wallets
Bitcoin Keys, Addresses & WalletsBitcoin Keys, Addresses & Wallets
Bitcoin Keys, Addresses & Wallets
 
introduction to cryptography
introduction to cryptographyintroduction to cryptography
introduction to cryptography
 

Similar to Golden Ticket Attack - AD - Domain Persistence

Technet.microsoft.com
Technet.microsoft.comTechnet.microsoft.com
Technet.microsoft.comKurt Kort
 
DEF CON 23 - Sean - metcalf - red vs blue ad attack and defense
DEF CON 23 - Sean - metcalf - red vs blue ad attack and defenseDEF CON 23 - Sean - metcalf - red vs blue ad attack and defense
DEF CON 23 - Sean - metcalf - red vs blue ad attack and defenseFelipe Prado
 
Kerberos authentication
Kerberos authenticationKerberos authentication
Kerberos authenticationSuraj Singh
 
Kerberos survival guide - SPS Ozarks 2010
Kerberos survival guide - SPS Ozarks 2010Kerberos survival guide - SPS Ozarks 2010
Kerberos survival guide - SPS Ozarks 2010J.D. Wade
 
Kerberos survival guide SPS Kansas City
Kerberos survival guide SPS Kansas CityKerberos survival guide SPS Kansas City
Kerberos survival guide SPS Kansas CityJ.D. Wade
 
Kerberos Survival Guide SPS Chicago
Kerberos Survival Guide SPS ChicagoKerberos Survival Guide SPS Chicago
Kerberos Survival Guide SPS ChicagoJ.D. Wade
 
Kerberos and its application in cross realm operations
Kerberos and its application in cross realm operationsKerberos and its application in cross realm operations
Kerberos and its application in cross realm operationsArunangshu Bhakta
 
SharePoint Saturday Kansas City - Kerberos Survival Guide
SharePoint Saturday Kansas City - Kerberos Survival GuideSharePoint Saturday Kansas City - Kerberos Survival Guide
SharePoint Saturday Kansas City - Kerberos Survival GuideJ.D. Wade
 
In the Wake of Kerberoast
In the Wake of KerberoastIn the Wake of Kerberoast
In the Wake of Kerberoastken_kitahara
 
Kerberos Architecture.pptx
Kerberos Architecture.pptxKerberos Architecture.pptx
Kerberos Architecture.pptxShashwat Shriparv
 
Elliptic curve cryptography
Elliptic curve cryptographyElliptic curve cryptography
Elliptic curve cryptographyAbhishek Kesharwani
 
Kerberos Architecture.pptx
Kerberos Architecture.pptxKerberos Architecture.pptx
Kerberos Architecture.pptxShashwat Shriparv
 
Kerberos Survival Guide: SharePointalooza
Kerberos Survival Guide: SharePointaloozaKerberos Survival Guide: SharePointalooza
Kerberos Survival Guide: SharePointaloozaJ.D. Wade
 
Kerberos Survival Guide: Columbus 2015
Kerberos Survival Guide: Columbus 2015Kerberos Survival Guide: Columbus 2015
Kerberos Survival Guide: Columbus 2015J.D. Wade
 
Kerberos Survival Guide: SharePoint Saturday Nashville 2015
Kerberos Survival Guide: SharePoint Saturday Nashville 2015Kerberos Survival Guide: SharePoint Saturday Nashville 2015
Kerberos Survival Guide: SharePoint Saturday Nashville 2015J.D. Wade
 
Rakesh raj
Rakesh rajRakesh raj
Rakesh rajDBNCOET
 
Kerberos survival guide-STL 2015
Kerberos survival guide-STL 2015Kerberos survival guide-STL 2015
Kerberos survival guide-STL 2015J.D. Wade
 
Kerberos Authentication Protocol
Kerberos Authentication ProtocolKerberos Authentication Protocol
Kerberos Authentication ProtocolBibek Subedi
 

Similar to Golden Ticket Attack - AD - Domain Persistence (20)

Technet.microsoft.com
Technet.microsoft.comTechnet.microsoft.com
Technet.microsoft.com
 
DEF CON 23 - Sean - metcalf - red vs blue ad attack and defense
DEF CON 23 - Sean - metcalf - red vs blue ad attack and defenseDEF CON 23 - Sean - metcalf - red vs blue ad attack and defense
DEF CON 23 - Sean - metcalf - red vs blue ad attack and defense
 
Kerberos authentication
Kerberos authenticationKerberos authentication
Kerberos authentication
 
Kerberos survival guide - SPS Ozarks 2010
Kerberos survival guide - SPS Ozarks 2010Kerberos survival guide - SPS Ozarks 2010
Kerberos survival guide - SPS Ozarks 2010
 
Kerberos survival guide SPS Kansas City
Kerberos survival guide SPS Kansas CityKerberos survival guide SPS Kansas City
Kerberos survival guide SPS Kansas City
 
Kerberos Survival Guide SPS Chicago
Kerberos Survival Guide SPS ChicagoKerberos Survival Guide SPS Chicago
Kerberos Survival Guide SPS Chicago
 
Kerberos and its application in cross realm operations
Kerberos and its application in cross realm operationsKerberos and its application in cross realm operations
Kerberos and its application in cross realm operations
 
CISSPills #1.02
CISSPills #1.02CISSPills #1.02
CISSPills #1.02
 
SharePoint Saturday Kansas City - Kerberos Survival Guide
SharePoint Saturday Kansas City - Kerberos Survival GuideSharePoint Saturday Kansas City - Kerberos Survival Guide
SharePoint Saturday Kansas City - Kerberos Survival Guide
 
In the Wake of Kerberoast
In the Wake of KerberoastIn the Wake of Kerberoast
In the Wake of Kerberoast
 
Kerberos
KerberosKerberos
Kerberos
 
Kerberos Architecture.pptx
Kerberos Architecture.pptxKerberos Architecture.pptx
Kerberos Architecture.pptx
 
Elliptic curve cryptography
Elliptic curve cryptographyElliptic curve cryptography
Elliptic curve cryptography
 
Kerberos Architecture.pptx
Kerberos Architecture.pptxKerberos Architecture.pptx
Kerberos Architecture.pptx
 
Kerberos Survival Guide: SharePointalooza
Kerberos Survival Guide: SharePointaloozaKerberos Survival Guide: SharePointalooza
Kerberos Survival Guide: SharePointalooza
 
Kerberos Survival Guide: Columbus 2015
Kerberos Survival Guide: Columbus 2015Kerberos Survival Guide: Columbus 2015
Kerberos Survival Guide: Columbus 2015
 
Kerberos Survival Guide: SharePoint Saturday Nashville 2015
Kerberos Survival Guide: SharePoint Saturday Nashville 2015Kerberos Survival Guide: SharePoint Saturday Nashville 2015
Kerberos Survival Guide: SharePoint Saturday Nashville 2015
 
Rakesh raj
Rakesh rajRakesh raj
Rakesh raj
 
Kerberos survival guide-STL 2015
Kerberos survival guide-STL 2015Kerberos survival guide-STL 2015
Kerberos survival guide-STL 2015
 
Kerberos Authentication Protocol
Kerberos Authentication ProtocolKerberos Authentication Protocol
Kerberos Authentication Protocol
 

More from Mohammed Adam

Android Penetration Testing - Day 3
Android Penetration Testing - Day 3Android Penetration Testing - Day 3
Android Penetration Testing - Day 3Mohammed Adam
 
Android Penetration testing - Day 2
Android Penetration testing - Day 2 Android Penetration testing - Day 2
Android Penetration testing - Day 2Mohammed Adam
 
Android Penetration Testing - Day 1
Android Penetration Testing - Day 1Android Penetration Testing - Day 1
Android Penetration Testing - Day 1Mohammed Adam
 
Wireless Penetration Testing
Wireless Penetration TestingWireless Penetration Testing
Wireless Penetration TestingMohammed Adam
 
Network Penetration Testing
Network Penetration TestingNetwork Penetration Testing
Network Penetration TestingMohammed Adam
 
Basic Foundation For Cybersecurity
Basic Foundation For CybersecurityBasic Foundation For Cybersecurity
Basic Foundation For CybersecurityMohammed Adam
 
Evading Antivirus software for fun and profit
Evading Antivirus software for fun and profitEvading Antivirus software for fun and profit
Evading Antivirus software for fun and profitMohammed Adam
 
Introduction to Network Fundamentals
Introduction to Network FundamentalsIntroduction to Network Fundamentals
Introduction to Network FundamentalsMohammed Adam
 
Breaking out of crypto authentication
Breaking out of crypto authenticationBreaking out of crypto authentication
Breaking out of crypto authenticationMohammed Adam
 
Cybersecurity Awareness Session by Adam
Cybersecurity Awareness Session by AdamCybersecurity Awareness Session by Adam
Cybersecurity Awareness Session by AdamMohammed Adam
 
Career Guidance on Cybersecurity by Mohammed Adam
Career Guidance on Cybersecurity by Mohammed AdamCareer Guidance on Cybersecurity by Mohammed Adam
Career Guidance on Cybersecurity by Mohammed AdamMohammed Adam
 
Introduction to null villupuram community
Introduction to null villupuram communityIntroduction to null villupuram community
Introduction to null villupuram communityMohammed Adam
 
Internet security
Internet securityInternet security
Internet securityMohammed Adam
 
BugBounty Roadmap with Mohammed Adam
BugBounty Roadmap with Mohammed AdamBugBounty Roadmap with Mohammed Adam
BugBounty Roadmap with Mohammed AdamMohammed Adam
 
Webinar On Ethical Hacking & Cybersecurity - Day2
Webinar On Ethical Hacking & Cybersecurity - Day2Webinar On Ethical Hacking & Cybersecurity - Day2
Webinar On Ethical Hacking & Cybersecurity - Day2Mohammed Adam
 
OSINT - Open Soure Intelligence - Webinar on CyberSecurity
OSINT - Open Soure Intelligence - Webinar on CyberSecurityOSINT - Open Soure Intelligence - Webinar on CyberSecurity
OSINT - Open Soure Intelligence - Webinar on CyberSecurityMohammed Adam
 
Android Application Penetration Testing - Mohammed Adam
Android Application Penetration Testing - Mohammed AdamAndroid Application Penetration Testing - Mohammed Adam
Android Application Penetration Testing - Mohammed AdamMohammed Adam
 
Vulnerability assessment & Penetration testing Basics
Vulnerability assessment & Penetration testing Basics Vulnerability assessment & Penetration testing Basics
Vulnerability assessment & Penetration testing Basics Mohammed Adam
 
What is SSL ? The Secure Sockets Layer (SSL) Protocol
What is SSL ? The Secure Sockets Layer (SSL) ProtocolWhat is SSL ? The Secure Sockets Layer (SSL) Protocol
What is SSL ? The Secure Sockets Layer (SSL) ProtocolMohammed Adam
 
Network Security
Network SecurityNetwork Security
Network SecurityMohammed Adam
 

More from Mohammed Adam (20)

Android Penetration Testing - Day 3
Android Penetration Testing - Day 3Android Penetration Testing - Day 3
Android Penetration Testing - Day 3
 
Android Penetration testing - Day 2
Android Penetration testing - Day 2 Android Penetration testing - Day 2
Android Penetration testing - Day 2
 
Android Penetration Testing - Day 1
Android Penetration Testing - Day 1Android Penetration Testing - Day 1
Android Penetration Testing - Day 1
 
Wireless Penetration Testing
Wireless Penetration TestingWireless Penetration Testing
Wireless Penetration Testing
 
Network Penetration Testing
Network Penetration TestingNetwork Penetration Testing
Network Penetration Testing
 
Basic Foundation For Cybersecurity
Basic Foundation For CybersecurityBasic Foundation For Cybersecurity
Basic Foundation For Cybersecurity
 
Evading Antivirus software for fun and profit
Evading Antivirus software for fun and profitEvading Antivirus software for fun and profit
Evading Antivirus software for fun and profit
 
Introduction to Network Fundamentals
Introduction to Network FundamentalsIntroduction to Network Fundamentals
Introduction to Network Fundamentals
 
Breaking out of crypto authentication
Breaking out of crypto authenticationBreaking out of crypto authentication
Breaking out of crypto authentication
 
Cybersecurity Awareness Session by Adam
Cybersecurity Awareness Session by AdamCybersecurity Awareness Session by Adam
Cybersecurity Awareness Session by Adam
 
Career Guidance on Cybersecurity by Mohammed Adam
Career Guidance on Cybersecurity by Mohammed AdamCareer Guidance on Cybersecurity by Mohammed Adam
Career Guidance on Cybersecurity by Mohammed Adam
 
Introduction to null villupuram community
Introduction to null villupuram communityIntroduction to null villupuram community
Introduction to null villupuram community
 
Internet security
Internet securityInternet security
Internet security
 
BugBounty Roadmap with Mohammed Adam
BugBounty Roadmap with Mohammed AdamBugBounty Roadmap with Mohammed Adam
BugBounty Roadmap with Mohammed Adam
 
Webinar On Ethical Hacking & Cybersecurity - Day2
Webinar On Ethical Hacking & Cybersecurity - Day2Webinar On Ethical Hacking & Cybersecurity - Day2
Webinar On Ethical Hacking & Cybersecurity - Day2
 
OSINT - Open Soure Intelligence - Webinar on CyberSecurity
OSINT - Open Soure Intelligence - Webinar on CyberSecurityOSINT - Open Soure Intelligence - Webinar on CyberSecurity
OSINT - Open Soure Intelligence - Webinar on CyberSecurity
 
Android Application Penetration Testing - Mohammed Adam
Android Application Penetration Testing - Mohammed AdamAndroid Application Penetration Testing - Mohammed Adam
Android Application Penetration Testing - Mohammed Adam
 
Vulnerability assessment & Penetration testing Basics
Vulnerability assessment & Penetration testing Basics Vulnerability assessment & Penetration testing Basics
Vulnerability assessment & Penetration testing Basics
 
What is SSL ? The Secure Sockets Layer (SSL) Protocol
What is SSL ? The Secure Sockets Layer (SSL) ProtocolWhat is SSL ? The Secure Sockets Layer (SSL) Protocol
What is SSL ? The Secure Sockets Layer (SSL) Protocol
 
Network Security
Network SecurityNetwork Security
Network Security
 

Recently uploaded

SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024Scott Keck-Warren
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 
Next-generation AAM aircraft unveiled by Supernal, S-A2
Next-generation AAM aircraft unveiled by Supernal, S-A2Next-generation AAM aircraft unveiled by Supernal, S-A2
Next-generation AAM aircraft unveiled by Supernal, S-A2Hyundai Motor Group
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhisoniya singh
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersThousandEyes
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machinePadma Pradeep
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxOnBoard
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Alan Dix
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticscarlostorres15106
 
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...HostedbyConfluent
 
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphSIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphNeo4j
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationSafe Software
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions
 
Key Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxKey Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxLBM Solutions
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 

Recently uploaded (20)

SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
Next-generation AAM aircraft unveiled by Supernal, S-A2
Next-generation AAM aircraft unveiled by Supernal, S-A2Next-generation AAM aircraft unveiled by Supernal, S-A2
Next-generation AAM aircraft unveiled by Supernal, S-A2
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machine
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptx
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
 
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
 
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphSIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping Elbows
 
Key Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxKey Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptx
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
Vulnerability_Management_GRC_by Sohang Sengupta.pptx
Vulnerability_Management_GRC_by Sohang Sengupta.pptxVulnerability_Management_GRC_by Sohang Sengupta.pptx
Vulnerability_Management_GRC_by Sohang Sengupta.pptx
 

Golden Ticket Attack - AD - Domain Persistence

  • 2. What is Golden ticket Attack ?? ATT&CK ID: T1558.001 • A Golden ticket attack is a post exploitation attack, and it is meant for domain persistence. • Adversaries who have the KRBTGT account password hash may forge Kerberos ticket-granting tickets (TGT), also known as a golden ticket. • Golden tickets enable adversaries to generate authentication material for any account in Active Directory. • Using a golden ticket, adversaries able to request ticket granting service (TGS) tickets, which enable access to specific resources. • Golden tickets require adversaries to interact with the Key Distribution Center (KDC) in order to obtain TGS.
  • 3. Before diving into Golden ticket attack, lets quickly recap on how Kerberos authentication works ! • User workstation: Begins the communication for a authentication server request. • Key Distribution Center (KDC): KBRTGT account acts as a service account for the Key Distribution Center (KDC) and separated into three parts: Database (db), Authentication Server (AS) and Ticket Granting Server (TGS). • Authentication Server (AS): Verify client authentication. If the logged user is authenticated successfully the AS issues a ticket called TGT. • Ticket Granting Ticket (TGT): confirms to other servers that user has been authenticated. • Ticket Granting Server (TGS): User request for TGS from the KDC that will be used to access the service of the application server. • Application Server: The server with the service the user wants to access.
  • 4. What is KRBTGT ? It acts as a service account for KDC (key distribution center) service KRBTGT account is created automatically when a new domain is created (Default account) This account cannot be deleted, account name cannot be changed, and it cannot be enabled in Active Directory. Every AD domain has an associated KRBTGT account to encrypt and sign all Kerberos tickets for the domain. The KRBTGT account should stay disabled Importantly, before sending a TGT, the KDC encrypts it using the password hash for the KRBTGT account. That password hash is shared among all the DCs in the Active Directory domain so that they can read the TGTs they receive when users request access to various resources.
  • 5. Requirements for forging TGT Domain Name SID KRBTGT Account NTLM password hash Impersonate user
  • 6.
  • 9. Use the Golden Ticket to access other machine
  • 10. Use the Golden Ticket to access other machine (Contd.)
  • 11. Work arounds Golden ticket have lifespan of 10years or more For previously generated golden ticket, reset the built-in KRBTGT account password twice, which will invalidate any existing golden tickets. Consider rotating the KRBTGT account password every 180 days. And Restrict minimum number of domain admins & groups that provide logon rights to DCs.
  • 12. Reference • https://software.intel.com/sites/manageability/AMT_Implementation_and_Reference_Guide/default.htm ?turl=WordDocuments%2Fintroductiontokerberosauthentication.htm • https://attack.mitre.org/techniques/T1558/001/ • https://www.hackingarticles.in/domain-persistence-golden-ticket-attack/ • https://github.com/gentilkiwi/mimikatz/wiki/module-~-kerberos#golden • https://tryhackme.com/room/postexploit
  • 13. Thank you all & Happy Weekend !