Mitigations

Kerberoast

  • Service Account Passwords should be hard to guess (greater than 35 characters)

  • Use Group Managed Service Accounts, which automatically change the password periodically

Golden Ticket

  • Change the password of the krbtgt account twice as password history is maintained for the account.

Skeleton Keys

  • Running lsass.exe as a protected process is really handy as it forces an attacker to load a kernel mode driver.

  • Make sure that you test it thoroughly as many drivers and plugins may not load with the protection.

DSRM

  • Regularly change DSRM passwords on all Domain Controllers that run DSRM, ensuring the passwords are different across controllers.

  • Monitor for the registry value DsrmAdminLogonBehavior under HKLM:\System\CurrentControlSet\Control\Lsa\ being set to 1 or 2.

Custom SSP

  • Monitor for changes to the Security Packages value under HKLM:\System\CurrentControlSet\Control\Lsa\
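
The Skeleton Keys, DSRM and Custom SSP checks above all read values under the same Lsa registry key, so one audit function can cover them. This is an added example, not part of the original notes; the function name Test-LsaSettings, the default baseline list and the sample object are assumptions.

```powershell
# Added example, not from the original notes. Test-LsaSettings, the default
# baseline and the sample object are assumptions made for illustration.
function Test-LsaSettings {
    param(
        # Object carrying the Lsa values; defaults to the live registry key.
        $Lsa = (Get-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Lsa'),
        # Assumed baseline: replace with the list recorded from a known-good host.
        [string[]]$BaselinePackages = @('""', 'kerberos', 'msv1_0', 'schannel',
                                        'wdigest', 'tspkg', 'pku2u')
    )
    $findings = @()

    # DSRM: 1 or 2 allows the DSRM administrator to log on outside DSRM boot.
    $dsrm = $Lsa.DsrmAdminLogonBehavior
    if ($dsrm -in @(1, 2)) {
        $findings += "DSRM: DsrmAdminLogonBehavior is set to $dsrm"
    }

    # Custom SSP: report any package that is not in the baseline.
    foreach ($package in @($Lsa.'Security Packages')) {
        if ($package -and $package -notin $BaselinePackages) {
            $findings += "SSP: unexpected security package '$package'"
        }
    }

    # Skeleton Keys: RunAsPPL absent or 0 means LSA protection is not configured.
    if (-not $Lsa.RunAsPPL) {
        $findings += 'LSASS: RunAsPPL is absent or 0'
    }

    $findings
}

# Constructed sample standing in for a misconfigured Domain Controller.
$sample = [pscustomobject]@{
    DsrmAdminLogonBehavior = 2
    'Security Packages'    = @('kerberos', 'msv1_0', 'examplessp')
    RunAsPPL               = 0
}
Test-LsaSettings -Lsa $sample
```

Called without -Lsa on a Domain Controller, the function reads the live key; an empty result means none of the three conditions was found.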

MITRE ATT&CK

MITRE ATT&CK® is a globally accessible knowledge base of adversary tactics and techniques based on real-world observations including mitigations.

Last updated 1 year ago

https://attack.mitre.org/