TrickBot Steals AD Credentials – Expert Comments

Active Directory expert Gerrit Lansing, field CTO at STEALTHbits Technologies, addressed this week’s discovery of a new module for the TrickBot trojan that targets the Active Directory database stored on compromised Windows domain controllers.


EXPERTS COMMENTS
Gerrit Lansing, Field CTO,  STEALTHbits Technologies
January 24, 2020
A golden ticket allows an attacker to forge authentication and authorization information.
A compromise of NTDS.dit is one of the worst things that can happen to an organization. Not only does it expose the hashes for user credentials that may be brute forced, it also exposes the hash for the KRBTGT account, which is the root of all authentication trust in Active Directory, enabling an attacker to create a "golden ticket." A golden ticket allows an attacker to forge authentication and a ....
[Read More >>]

If you are an expert on this topic:

Submit Your Expert Comments


In this article