check before: 2021-02-28
Azure Advanced Threat Protection, Defender
World tenant, Online
An alert already exists to detect instances where an attacker downgrades the encryption level of the ticket-granting ticket (TGT) field, but this new alert introduces detection capabilities for when an attacker uses the KRBTGT AES hash to generate the ticket. This alert will find cases where the AES TGT is used for Kerberos TGT, where we don?t see a Kerberos authentication request with the previous service request.
an advanced plan is required to see all details
A cloudsocut.one plan is required to see all the changed details. If you are already a customer, choose login.
If you are new to cloudscout.one please choose for a plan.