Definition

A golden ticket attack is a cyberattack that targets Microsoft Active Directory environments and gives an attacker virtually unlimited access to an organization’s resources. The attack exploits vulnerabilities in the Windows Kerberos authentication protocol.

How a Golden Ticket Attack Works

  1. Attackers deploy malware on a device to gain access to an account with permissions to the domain controllers.
  2. They infiltrate the domain controllers and run a hacking tool to extract the password hash and create a golden ticket, an authorization token that gives them unrestricted access to the network.
  3. The golden ticket token can also allow them to impersonate any user, enabling them to manipulate resources within an organization’s domain at will.
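
One detection heuristic that follows from step 2, shown as an added example that is not part of the original page: a ticket the attacker creates was never issued by a domain controller, so service ticket requests (Windows Security event 4769) appear with no matching ticket-granting ticket issuance (event 4768) for that account and client. The event records, field names and the 10-hour ticket lifetime below are assumptions; the sample data is constructed.

```python
from datetime import datetime, timedelta

# Constructed sample events (not from a real environment), simplified from
# Windows Security events 4768 (TGT requested) and 4769 (service ticket requested).
SAMPLE_EVENTS = [
    {"time": "2024-05-01T08:00:00", "event_id": 4768, "account": "alice", "client_ip": "10.0.0.15"},
    {"time": "2024-05-01T08:05:00", "event_id": 4769, "account": "alice", "client_ip": "10.0.0.15", "service": "cifs/fs01"},
    {"time": "2024-05-01T09:30:00", "event_id": 4769, "account": "Administrator", "client_ip": "10.0.0.77", "service": "cifs/dc01"},
    {"time": "2024-05-01T19:00:00", "event_id": 4769, "account": "alice", "client_ip": "10.0.0.15", "service": "http/intranet"},
]

# Assumed domain policy: maximum TGT lifetime of 10 hours (the Windows default).
MAX_TGT_LIFETIME = timedelta(hours=10)


def find_orphan_service_tickets(events, max_lifetime=MAX_TGT_LIFETIME):
    """Return 4769 events that have no 4768 for the same account and client
    within max_lifetime before them."""
    last_tgt = {}  # (account, client_ip) -> time of the most recent 4768
    findings = []
    # ISO 8601 timestamps in one format sort correctly as strings.
    for ev in sorted(events, key=lambda e: e["time"]):
        when = datetime.fromisoformat(ev["time"])
        key = (ev["account"].lower(), ev["client_ip"])
        if ev["event_id"] == 4768:
            last_tgt[key] = when
        elif ev["event_id"] == 4769:
            issued = last_tgt.get(key)
            if issued is None:
                reason = "no TGT issuance seen"
            elif when - issued > max_lifetime:
                reason = "last TGT issuance older than ticket lifetime"
            else:
                continue  # a domain controller issued a TGT recently enough
            findings.append({**ev, "reason": reason})
    return findings


if __name__ == "__main__":
    for f in find_orphan_service_tickets(SAMPLE_EVENTS):
        print(f["time"], f["account"], f["client_ip"], f["service"], "->", f["reason"])
```

Ticket renewals and logs that are not collected from every domain controller produce false positives, so each finding is a lead to investigate rather than proof of a golden ticket.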

Stopping a Golden Ticket Attack