Sign In
- Platform
- Solutions
- Modern NDR
- Resources
- Company
Platform
Modern NDR
Resources
Platform
Modern NDR
Resources
DETECTION OVERVIEW
Risk Factors
Kerberos attack tools are a common and effective way for attackers to steal authentication credentials. While these tools are available to attackers with any skill level, this attack requires an attacker to establish a persistent presence on a compromised device. If successful, attackers can collect sensitive information from secured resources and move closer to achieving their objective, such as exfiltrating data or moving laterally across the network.
Kill Chain
Risk Score
88
Kerberos is an authentication protocol that creates tickets encrypted with account keys to verify identity and permissions. A ticket contains user, computer, or service account credentials that are encrypted with a cipher algorithm. After compromising a network, an attacker might attempt to obtain authentication credentials with a publicly available attack tool. Kerberos attack tools can leave a distinct fingerprint when an attacker sends a malicious Kerberos request. A client that submits a Kerberos request that matches activity associated with an attack tool might be attempting to move laterally across the network with stolen authentication credentials.
Quarantine the device while checking for indicators of compromise, such as the presence of malware
Review authentication methods and enforce policies for secure credential creation and multi-factor authentication
Implement the principle of least privilege to minimize the damage done from a compromised account
