Contact Us Today 01642 716680

Golden Ticket

Definition: A Golden Ticket refers to a technique used in cyber attacks where an attacker with domain administrator-level access to a Windows network can create a valid but unauthorised authentication ticket, called a Ticket Granting Ticket (TGT), for any account on a domain.

The Golden Ticket attack takes advantage of the Kerberos authentication protocol used by Windows Active Directory (AD). By compromising the AD Key Distribution Center (KDC) and gaining access to the secret keys (specifically, the KRBTGT account), an attacker can create TGTs that grant them the ability to access any service on the network as any user without needing further authentication. This is a critical security breach, as it effectively allows the attacker to maintain persistence and remain undetected within the network for an extended period.

The existence of a Golden Ticket represents a failure of the trust model in a network’s authentication mechanism. Combatting such threats requires monitoring for anomalous activity, regularly changing passwords, and limiting administrative privileges, as well as implementing other advanced security measures to detect and respond to intrusions.

Key Characteristics:

  • Kerberos Protocol Abuse: Takes advantage of the Kerberos authentication system in Windows Active Directory.
  • Ultimate Access: Provides domain-wide administrator-level access across all services.
  • Undetected Persistence: Allows attackers to maintain long-term access without needing to reauthenticate.
  • Requires Significant Privileges to Execute: The attacker needs administrative access to create a Golden Ticket.

Examples:

  • Real-World Example: An attacker infiltrates a corporate network, gains domain admin rights, and creates a Golden Ticket to access confidential financial data on a network server, all without triggering any alerts.
  • Hypothetical Scenario: Cybercriminals compromise a university network’s AD server and generate Golden Tickets to maintain permanent access to student records and research data.

Related Terms:

  • Ticket Granting Ticket (TGT): A ticket used by Kerberos that allows a user to request access tickets for specific resources from the AD domain.
  • Kerberos: An authentication protocol for networks that use secret-key cryptography and a trusted third party.
  • Pass-the-Hash: A technique where an attacker captures password hashes and reuses them to authenticate to a service without knowing the actual plaintext password.

What is the OWASP Top 10: Download our flash cards to find out.

Inside you will find a description of the most common web vulnerabilities.

Contact us

Get a free, no obligation quote from one of our expert staff.

      Looking for reliable Penetration Testing? Use the contact form below and request a quote today.