Active Directory Kerberoasting Attack: Monitoring and Detection Techniques
Lukáš Kotlaba, Simona Buchovecká, Róbert Lórencz
2020
Abstract
This paper focuses on detecting the Kerberoasting attack in an Active Directory environment. The purpose of the attack is to extract service accounts’ passwords without the need for any special user access rights or privilege escalation, which makes it suitable for the initial phases of a network compromise and for further pivoting to more interesting accounts. The main goal of the paper is to discuss the monitoring possibilities and the setting up of detection rules built on top of native Active Directory auditing capabilities, including possible ways to minimize false positive alerts.
Paper Citation
in Harvard Style
Kotlaba L., Buchovecká S. and Lórencz R. (2020). Active Directory Kerberoasting Attack: Monitoring and Detection Techniques. In Proceedings of the 6th International Conference on Information Systems Security and Privacy - Volume 1: ICISSP, ISBN 978-989-758-399-5, pages 432-439. DOI: 10.5220/0008955004320439
in Bibtex Style
@conference{icissp20,
author={Lukáš Kotlaba and Simona Buchovecká and Róbert Lórencz},
title={Active Directory Kerberoasting Attack: Monitoring and Detection Techniques},
booktitle={Proceedings of the 6th International Conference on Information Systems Security and Privacy - Volume 1: ICISSP},
year={2020},
pages={432-439},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0008955004320439},
isbn={978-989-758-399-5},
}
in EndNote Style
TY - CONF
JO - Proceedings of the 6th International Conference on Information Systems Security and Privacy - Volume 1: ICISSP
TI - Active Directory Kerberoasting Attack: Monitoring and Detection Techniques
SN - 978-989-758-399-5
AU - Kotlaba L.
AU - Buchovecká S.
AU - Lórencz R.
PY - 2020
SP - 432
EP - 439
DO - 10.5220/0008955004320439