Webサイトを快適にご利用いただくためには、IE11以降、Chrome、Firefox、またはSafariをご使用ください。

Detecting and Preventing AD Authentication Risks: Golden Tickets, NTLM, Pass-the-Hash and Beyond

Webcast: Detecting and Preventing AD Authentication Risks Golden Tickets, NTLM, Pass-the-Hash and Beyond
録画版
  • 録画日:Oct. 29, 2020
  • イベント:録画版
Webcast: Detecting and Preventing AD Authentication Risks Golden Tickets, NTLM, Pass-the-Hash and Beyond

All it takes is one. One compromise of a single laptop of a user with the right authority and someone can create a golden ticket that gives them domain admin authority for the next 10 years. This is just one way adversaries can attack AD authentication – in this case Kerberos. There are other attacks related to Kerberos and even more when it comes to NTLM.

In this session, we’ll first look at how Kerberos and NTLM authentication work and then we will dive into current attack scenarios for both protocols. Then we’ll move to defense and look at how to detect AD authentication attacks.

Next, we’ll explore methods for recognizing potential golden tickets and other suspicious Kerberos behavior. We’ll also explore the information Windows domain controllers log for Kerberos and NTLM events, including events like:

  • 4768 - A Kerberos authentication ticket (TGT) was requested
  • 4769 - A Kerberos service ticket was requested
  • 4774 - An account was mapped for logon

We will also discuss prevention techniques. Don't miss this essential session!

スピーカー

  • Randy Franklin Smith, Ultimate IT Security
  • Bryan Patton, Quest Software

無料のWebキャストを見る

お待ちください...

triangle-down check
ダウンロードすると、マーケティング関連のEメールが届くようになります。オプトアウトするには、プライバシーポリシーに記載された手順に従ってください。

このサイトはreCAPTCHAで保護されています。詳細はGoogleのプライバシーポリシー利用規約をご参照ください。