I’ve Got a Golden Ticket… I’ve Got a Golden Twinkle in My Eye.
The Kerberos Ticket Granting Ticket (KRBTGT) account is the most important account in a Windows Active Directory (AD) domain. Once the KRBTGT account has been exposed to an attacker they may conduct the “Golden Ticket” attack, which can grant them persistence and unfettered access in AD. This talk will stress the importance of the KRBTGT account and why it is often a high value target (HVT) for attackers. A detailed examination of the “Golden Ticket” attack and defense techniques will be demonstrated. Finally, this talk will discuss possible mitigation and recovery steps if evidence is found that an adversary has compromised the KRBTGT account.
Charlie Clark – ZeroDayLab, Ltd.
Andrew Schwartz – TrustedSec