Sign In
- Platform
- Solutions
- Modern NDR
- Resources
- Company
Platform
Modern NDR
Resources
Platform
Modern NDR
Resources
DETECTION OVERVIEW
Risk Factors
Brute force attacks are low cost and relatively easy to perform. Even though this type of brute force attack is noisy, the attacker can effectively obtain credentials due to the commonality of weak and repurposed passwords.
The risk score can be adjusted for this detection.
Kill Chain
Risk Score
60
Kerberos is an authentication protocol that creates tickets encrypted with account keys to verify identity and permissions. A ticket contains user, computer, or service account credentials that are encrypted with a cipher algorithm. When a user wants to access a service, they submit credentials to a Key Distribution Center (KDC) installed on a domain controller (DC), which then provides a ticket. An attacker can attempt to gain a valid Kerberos ticket with a brute force attack, which is a method for guessing a weak user or system password in the initial authentication request. Kerberos often includes a pre-authentication feature, which requires a client to encrypt a timestamp with the client password ciphertext and submit it to the KDC. The KDC should be able to decrypt the timestamp with the valid client password ciphertext stored in the DC. If the attacker guesses an incorrect password, the KDC is unable to decrypt the timestamp and returns a KDC_ERR_PREAUTH_FAILED error to the client.
Limit the number of account login attempts and then block users that exceed this number
Review authentication methods and enforce policies for secure credential creation and multi-factor authentication
