Golden ticket attack

Golden ticket attacks are cyberattacks designed to give the hacker full access to an organization’s users, files, and Active Directory. They expose every facet of the organization, granting the hacker full access and control. This kind of attack is made possible by exploiting a weakness in Windows’ Kerberos authentication protocol.

How does a golden ticket attack work?

  • The cybercriminals inject malware into a device to gain entry to an account authorized to access the domain controllers.
  • The attackers then log in to the domain controllers and use a hacking tool to dump the password hash and create the golden ticket — which is an authentication token designed to give them full access to anything on the network.
  • Hackers can use the golden ticket token to impersonate any user and execute any action they please while using the organization’s resources.

How to stop a Golden Ticket attack

  • Frequently update the password of the organization’s KRBTGT account.
  • Be constantly vigilant and monitor for suspicious activity.
  • Avoid granting unnecessary high-level access to all staff.