Email us at office@sencode.co.uk

Contact Us Today 01642 716680

Golden Ticket

Definition: A Golden Ticket refers to a technique used in cyber attacks where an attacker with domain administrator-level access to a Windows network can create a valid but unauthorised authentication ticket, called a Ticket Granting Ticket (TGT), for any account on a domain.

acting as a featured image for the page

The Golden Ticket attack takes advantage of the Kerberos authentication protocol used by Windows Active Directory (AD). By compromising the AD Key Distribution Center (KDC) and gaining access to the secret keys (specifically, the KRBTGT account), an attacker can create TGTs that grant them the ability to access any service on the network as any user without needing further authentication. This is a critical security breach, as it effectively allows the attacker to maintain persistence and remain undetected within the network for an extended period.

The existence of a Golden Ticket represents a failure of the trust model in a network’s authentication mechanism. Combatting such threats requires monitoring for anomalous activity, regularly changing passwords, and limiting administrative privileges, as well as implementing other advanced security measures to detect and respond to intrusions.

Key Characteristics:

  • Kerberos Protocol Abuse: Takes advantage of the Kerberos authentication system in Windows Active Directory.
  • Ultimate Access: Provides domain-wide administrator-level access across all services.
  • Undetected Persistence: Allows attackers to maintain long-term access without needing to reauthenticate.
  • Requires Significant Privileges to Execute: The attacker needs administrative access to create a Golden Ticket.

Examples:

  • Real-World Example: An attacker infiltrates a corporate network, gains domain admin rights, and creates a Golden Ticket to access confidential financial data on a network server, all without triggering any alerts.
  • Hypothetical Scenario: Cybercriminals compromise a university network’s AD server and generate Golden Tickets to maintain permanent access to student records and research data.

Related Terms:

  • Ticket Granting Ticket (TGT): A ticket used by Kerberos that allows a user to request access tickets for specific resources from the AD domain.
  • Kerberos: An authentication protocol for networks that use secret-key cryptography and a trusted third party.
  • Pass-the-Hash: A technique where an attacker captures password hashes and reuses them to authenticate to a service without knowing the actual plaintext password.

Related Services:

What is the OWASP Top 10: Download our flash cards to find out.

Inside you will find a description of the most common web vulnerabilities.

Contact us

Get a free, no obligation quote from one of our expert staff.

    Address

    Fusion Hive
    North Shore Road
    Stockton-on-Tees
    North East
    UK
    TS18 2NB

    Resources

    Glossary Careers Privacy Policy Contact Us

    Penetration Testing

    Penetration Testing Web App Penetration Testing Network Penetration Testing Mobile App Penetration Testing Social Engineering API Penetration Test GDPR Penetration Test VAPT

    Security Assessments

    Security Assessments Vulnerability Assessment Red Team Assessment AWS Cloud Security Review Microsoft Cloud Security Review OSINT Assessment Cyber Awareness Training
    01642716680 office@sencode.co.uk
    Trustpilot

    © 2024 Sencode Limited | Company Registration Number 12265595 | VAT Number 366 0145 11 | All Rights Reserved