New Attack Paths? AS Requested Service Tickets : comparemela

While helping Andrew Schwartz with his Kerberos FAST post (which has more information about what FAST is and how it works, so have a read), I noticed something interesting. AS-REQs for machine accounts are unarmored. This is described by Microsoft here: Kerberos armoring uses a ticket-granting ticket (TGT) for the device to protect authentication service ... The post New Attack Paths? AS Requested Service Tickets appeared first on Semperis.

Related Keywords

Kevin Robertson , Arseniy Sharoglazov , Jake Karnes , Andrew Schwartz , Charlie Clark , Service Tickets , Security Bloggers Network , Service Name , Semperis Research , Microsoft , Ops Experience , Public Key Cryptography , Initial Authentication , Kerberos Flexible Authentication Secure Tunneling , Tim Medin , Active Directory , Windows Kerberos , Dirk Jan Mollema , Will Schroeder , Ticket Checksum , New Attack ,