H3-2022-0097¶

Kerberos Pass-the-Ticket Attack

Description¶

Compromised Ticket-Granting-Ticket or Ticket-Granting-Service tickets are used by attackers to access domain services.

Impact¶

Attackers can use stolen or forged tickets to move laterally within an environment bypassing normal system access controls.

References¶

• Pass the Ticket Attack
• MITRE ATT&CK Technique: T1550.003: Use Alternate Authentication Material: Pass the Ticket