Sign In
- Platform
- Solutions
- Modern NDR
- Resources
- Company
Platform
Modern NDR
Resources
Company
Platform
Modern NDR
Resources
Company
DETECTION OVERVIEW
Risk Factors
During authentication, Kerberos encryption types (etypes) are exchanged between a client and a server, such as a domain controller (DC). Etypes influence which algorithms a DC selects to encrypt Kerberos tickets that contain credentials. By default, the latest versions of Windows disable support for weak cipher algorithms. On clients and servers having support for weak algorithms enabled, an attacker can submit an authentication Kerberos request containing a weak etype, which might result in a weakly encrypted Kerberos ticket. Sophisticated attackers can perform AS-REP roasting or other attacks to harvest credentials from weakly encrypted tickets.
Category
Upgrade to Windows Server 2008 or later, which automatically enables support for stronger cipher algorithms such as AES
If unable to upgrade, disable support for weak cipher algorithms, such as DES, 3DES, and RC4 on Windows Servers
Network analysis and visibility solutions remain underrepresented in enterprises. Find out why in this preview of a new Wave report.
ExtraHop® Named a Leader in First-Ever Gartner® Magic Quadrant™ for Network Detection and Response
Visit this resource for more information.
This analysis exposes the critical link between an organization's lack of internal visibility and the escalating cost of compromise, demanding an urgent re-evaluation of how core business assets are protected.
Learn why you need to be wary of the claims certain network detection and response providers make about their coverage against the MITRE ATT&CK framework.
Learn how NDR from RevealX helps security teams detect and investigate more adversary TTPs in the MITRE ATT&CK framework than rule-based tools.
