Identity Threat Detection & Response

Golden Ticket Attack Explained

Golden Ticket Attack Explained

  • Huy Kha | Senior Identity & Security Architect
  • Feb 02, 2025

A Golden Ticket attack occurs when an attacker forges a Kerberos Ticket Granting Ticket (TGT) to gain full control over an Active Directory environment. By compromising the KRBTGT account, which signs all Kerberos tickets, the attacker can create fake tickets for any user and gain access to any resource within…

How to Defend Against Silver Ticket Attacks

How to Defend Against Silver Ticket Attacks

  • Daniel Petri | Senior Training Manager
  • Feb 02, 2025

In the complex world of cybersecurity, Golden Ticket and Silver Ticket attacks stand out as two crafty methods targeting the Kerberos authentication system. Although both attacks exploit the same system, their approaches, objectives, and implications differ. Here’s what you need to know about Silver Ticket attacks, including how they differ…

Unconstrained Delegation Explained

Unconstrained Delegation Explained

  • Huy Kha | Senior Identity & Security Architect
  • Jan 26, 2025

Cybersecurity agencies from the Five Eyes alliance, including CISA and the NSA, have urged organizations to strengthen security around Microsoft Active Directory (AD), a prime target for cyberattackers. The alliance’s recent report highlights more than a dozen tactics that threat actors use to exploit AD. Among these common techniques is…

AS-REP Roasting Explained

AS-REP Roasting Explained

  • Huy Kha | Senior Identity & Security Architect
  • Jan 25, 2025

Authentication Server Response (AS-REP) Roasting enables attackers to request encrypted authentication responses for accounts in Active Directory that have Kerberos pre-authentication disabled. AS-REP Roasting is one of the Active Directory threats that cybersecurity agencies in the Five Eyes alliance warn about in the recent report, Detecting and Mitigating Active Directory…

Your DORA Compliance Checklist for Identity Defence

Your DORA Compliance Checklist for Identity Defence

  • Daniel Lattimer | Area Vice President - EMEA West
  • Jan 17, 2025

This week, the European Union’s Digital Operational Resilience Act (DORA) goes into effect in an effort to provide a clear roadmap for enhancing cybersecurity across the financial services industry. All financial entities operating in or with the EU—as well as information and communication technology (ICT) providers that support such entities—are…

Zerologon Exploit Explained

Zerologon Exploit Explained

  • Huy Kha | Senior Identity & Security Architect

In a Zerologon exploit, an attacker with access to a network takes advantage of a critical flaw in the Netlogon Remote Protocol (MS-NRPC) to impersonate any computer, including a domain controller (DC). This flaw is known as Zerologon—a vulnerability that can give attackers full control over a domain. What is…

Password Spraying Detection in Active Directory

Password Spraying Detection in Active Directory

  • Huy Kha | Senior Identity & Security Architect

Password spraying detection is a vital ability for all organizations. In a password spraying attack, the attacker attempts to gain unauthorized access by trying a few common or weak passwords across many accounts rather than targeting a single account with many passwords. The idea is to test several passwords, hoping…

The 5 Pillars for DORA Compliance in Active Directory

The 5 Pillars for DORA Compliance in Active Directory

  • Daniel Lattimer | Area Vice President - EMEA West

The Digital Operational Resilience Act (DORA) is an incoming European Union (EU) legislative framework aimed at fortifying the operational resilience of digital systems within the financial sector. All finance entities that operate in or with the EU need to achieve DORA compliance by early 2025, as do information and communication…