Active Directory Kerberos Golden Ticket Exploit

Active Directory Golden Ticket Exploit

This is my research and attempt to replicate the exploit utilised by the SolarWinds perpetrators, as per US government CERT.

Research

  1. https://adsecurity.org/?page_id=4031
  2. PingCastle
    1. https://github.com/vletoux/pingcastle
  3. https://thegradient.pub/knocking-on-turings-door-quantum-computing-and-machine-learning/
  4. https://github.com/cyberark/shimit
  5. https://www.microsoft.com/security/blog/2015/02/11/krbtgt-account-password-reset-scripts-now-available-for-customers/
  6. https://www.urtech.ca/2020/07/what-is-an-active-directory-kerberos-golden-ticket-how-can-it-be-easily-reset/
  7. https://www.qomplx.com/qomplx-knowledge-golden-ticket-attacks-explained/
  8. https://www.ired.team/offensive-security-experiments/active-directory-kerberos-abuse/kerberos-golden-tickets
  9. https://github.com/blackc03r/OSCP-Cheatsheets/blob/master/offensive-security-experiments/active-directory-kerberos-abuse/kerberos-golden-tickets.md
  10. https://dirkjanm.io/active-directory-forest-trusts-part-one-how-does-sid-filtering-work/
  11. http://www.harmj0y.net/blog/redteaming/a-guide-to-attacking-domain-trusts/
  12. https://triskelelabs.com/kerberoasting/
  13. https://pentestlab.blog/2018/04/09/golden-ticket/
  14. https://leonjza.github.io/blog/2016/01/09/kerberos-kerberoast-and-golden-tickets/
  15. https://adsecurity.org/?p=1515
  16. https://adsecurity.org/?tag=goldenticket
  17. https://resources.infosecinstitute.com/topic/active-directory-walkthrough-series-golden-ticket/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A%20infosecResources%20%28InfoSec%20Resources%29
  18. https://frsecure.com/blog/golden-ticket-attack/