Detections
Analytics

Kerberos Configuration on User Account

medium

Language:

Description

Active Directory relies on Kerberos for authentication. It is an older protocol that has since received various security hardening measures. For this reason, it's necessary to disable some legacy options to ensure proper security.

Solution

To ensure the highest level of security, configure the Active Directory's authentication protocol to use the latest security parameters and protocols.

See Also

Authentication secrets part II - Kerberos strikes-back

What Is Kerberos Authentication?

Kerberos RFC 4120

Kerberos Protocol Tutorial

Indicator Details

Name: Kerberos Configuration on User Account

Codename: C-KERBEROS-CONFIG-ACCOUNT

Severity: Medium

MITRE ATT&CK Information:

Tactics: TA0004, TA0001

Techniques: T1078

Attacker Known Tools

HarmJ0y, Elad Shamir: Rubeus