Common Information
| Type | Value |
|---|---|
| Value |
Silver Ticket - T1558.002 |
| Category | Attack-Pattern |
| Type | Mitre-Attack-Pattern |
| Misp Type | Cluster |
| Description | Adversaries who have the password hash of a target service account (e.g. SharePoint, MSSQL) may forge Kerberos ticket granting service (TGS) tickets, also known as silver tickets. Kerberos TGS tickets are also known as service tickets.(Citation: ADSecurity Silver Tickets) Silver tickets are more limited in scope in than golden tickets in that they only enable adversaries to access a particular resource (e.g. MSSQL) and the system that hosts the resource; however, unlike golden tickets, adversaries with the ability to forge silver tickets are able to create TGS tickets without interacting with the Key Distribution Center (KDC), potentially making detection more difficult.(Citation: ADSecurity Detecting Forged Tickets) Password hashes for target services may be obtained using [OS Credential Dumping](https://attack.mitre.org/techniques/T1003) or [Kerberoasting](https://attack.mitre.org/techniques/T1558/003). |
| Details | Published | Attributes | CTI | Title | ||
|---|---|---|---|---|---|---|
| Details | Website | 2024-11-11 | 0 | The Threat of Lateral Movement: Are you Covered? | Red Piranha | ||
| Details | Website | 2024-10-20 | 8 | Krijo një laborator në Active Directory për të hackuar FALAS | ||
| Details | Website | 2024-10-08 | 3 | Vulnerable Active Directory | ||
| Details | Website | 2024-09-22 | 23 | Escape Unveiled: Active Directory ADCS Exploit Walkthrough | ||
| Details | Website | 2024-09-20 | 3 | Exploring the Depths of Kerberos Authentication | ||
| Details | Website | 2024-09-18 | 16 | Active Directory Penetration Test Lab | ||
| Details | Website | 2024-09-17 | 11 | NTLM Relaying - Making the Old New Again | JUMPSEC LABS | ||
| Details | Website | 2024-09-01 | 11 | NTLM Relaying – Making the Old New Again | CTF导航 | ||
| Details | Website | 2024-08-30 | 1 | Kerberos Attacks in Windows Active Directory | TryHackMe Attacking Kerberos | ||
| Details | Website | 2023-10-23 | 273 | Red Team Tools | ||
| Details | Website | 2023-08-07 | 1 | Mimikatz: Beginner’s Guide | ||
| Details | Website | 2023-07-21 | 5 | Objective: | ||
| Details | Website | 2023-07-17 | 0 | Kerberos Overview | ||
| Details | Website | 2023-07-08 | 0 | Fortifying Your Fortress with Defense Tactics Against the Golden Ticket Attack | ||
| Details | Website | 2023-07-07 | 6 | Silver Ticket Attack in Active Directory Environment | ||
| Details | Website | 2023-06-24 | 16 | Attacking Kerberos — TryHackMe | ||
| Details | Website | 2023-05-29 | 0 | “Beyond the Lock : The Intricate Dance of Mimikatz” | ||
| Details | Website | 2023-05-04 | 0 | EC-council CPENT & LPT(Master) 考試心得分享 | ||
| Details | Website | 2023-03-01 | 1 | CISA Releases Red Team Assessment on Critical Infrastructure | ||
| Details | Website | 2023-02-28 | 44 | CISA Red Team Shares Key Findings to Improve Monitoring and Hardening of Networks | CISA | ||
| Details | Website | 2023-02-27 | 0 | Kerberos overview: Introducing network authentication | ||
| Details | Website | 2023-02-26 | 9 | How To Attack Admin Panels Successfully Part 3 | ||
| Details | Website | 2023-02-25 | 7 | From CVE-2022-33679 to Unauthenticated Kerberoasting | ||
| Details | Website | 2022-11-04 | 4 | SensePost | Certpotato – using adcs to privesc from virtual and network service accounts to local system | ||
| Details | Website | 2022-07-26 | 60 | Mandiant Red Team Emulates FIN11 Tactics To Control Operational Technology Servers | Mandiant |