68888 – Azure Advanced Threat Detection: Microsoft Defender for Identity – New Detection – Golden ticket using AES encryption

cloudscout.one Icon

check before: 2021-02-28

Product:

Azure Advanced Threat Protection, Defender

Scope:

Please log-in or
get a plan

Platform:

World tenant, Online

Links:

Details:

An alert already exists to detect instances where an attacker downgrades the encryption level of the ticket-granting ticket (TGT) field, but this new alert introduces detection capabilities for when an attacker uses the KRBTGT AES hash to generate the ticket. This alert will find cases where the AES TGT is used for Kerberos TGT, where we don?t see a Kerberos authentication request with the previous service request.

Change Category:
Please log-in or
get a plan

Status:
In development

Ring:
General Availability

Created:
2020-11-24

updated:
2020-12-04

Change type:
New feature, Admin impact

task type:

an advanced plan is required to see all details


A cloudsocut.one plan is required to see all the changed details. If you are already a customer, choose login.
If you are new to cloudscout.one please choose for a plan.


more to explore