Statements (20)
| Predicate | Object |
|---|---|
| gptkbp:instanceOf |
cyberattack technique
|
| gptkbp:allows |
lateral movement
privilege escalation |
| gptkbp:canBeBypassedBy |
password authentication
|
| gptkbp:detects |
monitoring Kerberos ticket usage
|
| gptkbp:documentedIn |
MITRE ATT&CK T1550.003
|
| gptkbp:exploits |
Kerberos ticket-granting tickets (TGTs)
|
| gptkbp:firstDescribed |
2008s
|
| https://www.w3.org/2000/01/rdf-schema#label |
Pass-the-Ticket attacks
|
| gptkbp:mitigatedBy |
credential guard
monitoring for abnormal ticket activity ticket lifetime restrictions |
| gptkbp:relatedTo |
gptkb:Kerberos_authentication
|
| gptkbp:requires |
access to valid Kerberos tickets
|
| gptkbp:target |
Windows Active Directory environments
|
| gptkbp:usedBy |
attackers
|
| gptkbp:bfsParent |
gptkb:Windows_Defender_Credential_Guard_for_Credential_Protection
gptkb:Windows_Defender_Credential_Guard_for_Secure_Authentication gptkb:Windows_Defender_Credential_Guard_for_Virtualization-Based_Security |
| gptkbp:bfsLayer |
8
|