Sign In
- Platform
- Solutions
- Modern NDR
- Resources
- Company
Platform
Modern NDR
Resources
Platform
Modern NDR
Resources
DETECTION OVERVIEW
Risk Factors
During authentication, Kerberos encryption types (etypes) are exchanged between a client and a server, such as a domain controller (DC). Etypes influence which algorithms a DC selects to encrypt Kerberos tickets that contain credentials. By default, the latest versions of Windows disable support for weak cipher algorithms. On clients and servers having support for weak algorithms enabled, an attacker can submit an authentication Kerberos request containing a weak etype, which might result in a weakly encrypted Kerberos ticket. Sophisticated attackers can perform AS-REP roasting or other attacks to harvest credentials from weakly encrypted tickets.
Kill Chain
Risk Score
67
Upgrade to Windows Server 2008 or later, which automatically enables support for stronger cipher algorithms such as AES
If unable to upgrade, disable support for weak cipher algorithms, such as DES, 3DES, and RC4 on Windows Servers
