Kerberos Configuration on User Account

medium

Description

Active Directory relies on Kerberos for authentication. Kerberos is an older protocol that has received various security hardening measures over time. For this reason, some legacy options (e.g. the obsolete "DES" encryption or "Do not require Kerberos preauthentication") must be disabled to ensure proper security, for example to avoid "AS-REP Roasting" attacks.

Solution

To ensure the highest level of security, configure Active Directory's authentication protocol to use the latest security parameters and protocols.
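One way to find the accounts that still carry the legacy options named in the description, as an added example that is not part of the original indicator page or the vendor's own check. It assumes the RSAT ActiveDirectory PowerShell module and read access to the domain; the variable names and the report columns are illustrative. The script is read-only.

```powershell
#Requires -Modules ActiveDirectory
# Added audit example: lists user accounts with legacy Kerberos options. Changes nothing.

# userAccountControl bits for the two options named in the description
$USE_DES_KEY_ONLY = 0x200000   # "Use only Kerberos DES encryption types for this account"
$DONT_REQ_PREAUTH = 0x400000   # "Do not require Kerberos preauthentication"
# msDS-SupportedEncryptionTypes: 0x1 = DES-CBC-CRC, 0x2 = DES-CBC-MD5
$DES_ETYPES = 0x3

# Matching rule 1.2.840.113556.1.4.804 is LDAP_MATCHING_RULE_BIT_OR:
# it matches when at least one bit of the mask is set on the attribute.
$uacMask = $USE_DES_KEY_ONLY -bor $DONT_REQ_PREAUTH
$filter  = "(&(objectCategory=person)(objectClass=user)" +
           "(|(userAccountControl:1.2.840.113556.1.4.804:=$uacMask)" +
           "(msDS-SupportedEncryptionTypes:1.2.840.113556.1.4.804:=$DES_ETYPES)))"

$props = 'userAccountControl', 'msDS-SupportedEncryptionTypes', 'PasswordLastSet'

$findings = Get-ADUser -LDAPFilter $filter -Properties $props | ForEach-Object {
    $uac = [int]$_.userAccountControl
    $enc = [int]$_.'msDS-SupportedEncryptionTypes'   # unset attribute becomes 0

    [pscustomobject]@{
        SamAccountName  = $_.SamAccountName
        Enabled         = $_.Enabled
        NoPreAuth       = [bool]($uac -band $DONT_REQ_PREAUTH)
        DesKeyOnly      = [bool]($uac -band $USE_DES_KEY_ONLY)
        DesInEncTypes   = [bool]($enc -band $DES_ETYPES)
        PasswordLastSet = $_.PasswordLastSet
    }
}

# Enabled accounts first, then by name
$findings |
    Sort-Object @{ Expression = 'Enabled'; Descending = $true }, SamAccountName |
    Format-Table -AutoSize

"{0} account(s) with legacy Kerberos options" -f @($findings).Count

# After reviewing each finding with the account owner, the two flags can be cleared with:
#   Set-ADAccountControl -Identity <samAccountName> -DoesNotRequirePreAuth $false -UseDESKeyOnly $false
```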

See Also

What Is Kerberos Authentication?

Kerberos RFC 4120

Authentication secrets part II - Kerberos strikes-back

Kerberos Protocol Tutorial

Indicator Details

Name: Kerberos Configuration on User Account

Codename: C-KERBEROS-CONFIG-ACCOUNT

Severity: Medium

MITRE ATT&CK Information:

Attacker Known Tools

HarmJ0y, Elad Shamir: Rubeus