DETECTION OVERVIEW

Spike in Kerberos Revoked Credentials Errors

Risk Factors

Brute force attacks are low cost and relatively easy to perform. Even though this type of brute force attack is noisy, the attacker can effectively obtain credentials due to the commonality of weak and repurposed passwords.

The system might change the risk score for this detection.

Kill Chain

Exploitation

Risk Score

Attack Background

Before an attacker can access critical services, they must first acquire valid credentials. Kerberos is an authentication protocol that verifies user credentials and permissions for accessing services. When a user wants to access a service, they submit credentials to an authentication server, which then provides a ticket (essentially a cryptographic proof of identity). An attacker can attempt to gain a valid Kerberos ticket with a brute force attack. A brute force attack is a method for guessing a weak user or system password in the initial authentication request. Brute force attacks can occur manually through trial and error or with password cracking tools.

Mitigation Options

Limit the number of account login attempts and then block users that exceed this number

Review authentication methods and enforce policies for secure credential creation and multi-factor authentication

Professional Services

Partners

Partner Login

Partner Finder

View All Use Cases

View All Industries

View All Integrations

Attack Background

Mitigation Options

MITRE ATT&CK ID

What else can RevealX do for you?

View our Periodic Table of use cases