Kerberoasting Attacks


One of RSI’s top priorities is ensuring our clients’ daily online work is secure and seamless. We perform monthly and quarterly client reviews that consider all aspects of their network. The reviews include patching and firmware version checks on all devices, verifying that anti-virus is installed on all computers, and confirming that other security procedures are completed. A critical part of client reviews is the password assessment. When running the assessment, all Active Directory user account passwords are checked against various sets of conditions that define a secure password. One example of a test the passwords go through is whether they are susceptible to Kerberoasting attacks.

A Kerberoasting attack involves a malicious hacker, a standard Active Directory user account (it does not need administrative privileges), and a program or service that can be used as a target. The attacker starts by gaining access to a user account on the domain. With access to the account, the attacker can sign in as the user and essentially already has partial control over the domain; however, the attack does not stop there. The attacker then attempts to find any service accounts (Active Directory accounts that a service runs on behalf of) which may have administrative rights over a program or service, and looks to use them as leverage to gain further admin rights in the network.

The attacker requests what are called TGS (Ticket Granting Service) tickets for the service account that has been located; these tickets can be requested and received from a standard user account. Once the ticket is received, the attacker can crack the password hashes that are stored in the ticket, sign into that service account, and have administrative privileges over an entire program. Once that is complete, the attacker is a few short steps away from having full control over your domain.

Password assessments are critical in identifying vulnerabilities quickly and efficiently. When warnings come up, RSI works directly with clients to ensure the remediation process goes smoothly and accurately. This is an example of what someone with malicious intent can do with limited information. Secure passwords and safe browsing habits are critical to staying secure on the web and preventing several types of cyber-attacks!
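As an added example (not RSI’s assessment tooling and not code from the original page), here is one way a review could flag which accounts are exposed to the attack described above: enabled user accounts that carry a service principal name (SPN), ranked by whether RC4 tickets are allowed, password age and privilege. The record layout, field names, sample accounts and the 365-day threshold are assumptions constructed for illustration.

```python
from datetime import date

# msDS-SupportedEncryptionTypes bit flags (Active Directory attribute)
RC4_HMAC, AES128, AES256 = 0x04, 0x08, 0x10
MAX_PASSWORD_AGE_DAYS = 365  # assumed policy threshold, tune to your own policy

# Constructed sample export of AD user objects (hypothetical field names).
ACCOUNTS = [
    {"sam": "svc_sql", "spns": ["MSSQLSvc/db01.example.local:1433"],
     "enc_types": 0, "pwd_last_set": "2016-03-01", "admin_count": 1, "enabled": True},
    {"sam": "svc_web", "spns": ["HTTP/intranet.example.local"],
     "enc_types": AES128 | AES256, "pwd_last_set": "2024-11-15", "admin_count": 0, "enabled": True},
    {"sam": "svc_backup", "spns": ["backup/bk01.example.local"],
     "enc_types": RC4_HMAC | AES256, "pwd_last_set": "2024-09-01", "admin_count": 0, "enabled": True},
    {"sam": "jsmith", "spns": [],
     "enc_types": 0, "pwd_last_set": "2019-01-10", "admin_count": 0, "enabled": True},
    {"sam": "svc_old", "spns": ["HTTP/legacy.example.local"],
     "enc_types": 0, "pwd_last_set": "2012-05-05", "admin_count": 1, "enabled": False},
]

def assess(account, today):
    """Return a list of findings for an exposed account, or None if out of scope."""
    # Accounts without an SPN are not Kerberoasting targets; disabled accounts
    # are skipped in this example.
    if not account["enabled"] or not account["spns"]:
        return None
    findings = []
    enc = account["enc_types"]
    # Assumption: an unset value (0) is treated as RC4-capable; the effective
    # default depends on domain controller patch level and configuration.
    if enc == 0 or enc & RC4_HMAC:
        findings.append("RC4 tickets allowed")
    age = (today - date.fromisoformat(account["pwd_last_set"])).days
    if age > MAX_PASSWORD_AGE_DAYS:
        findings.append(f"password is {age} days old")
    if account["admin_count"]:
        findings.append("privileged (adminCount=1)")
    return findings

def report(accounts, today):
    """Exposed accounts, most findings first (ties broken by name)."""
    rows = [(a["sam"], f) for a in accounts if (f := assess(a, today)) is not None]
    return sorted(rows, key=lambda r: (-len(r[1]), r[0]))

if __name__ == "__main__":
    for sam, findings in report(ACCOUNTS, date(2025, 1, 1)):
        print(f"{sam:12} {'; '.join(findings) or 'SPN set, no aggravating findings'}")
```

An account that appears with no findings is still exposed because it has an SPN; the findings only rank which service account passwords to rotate and lengthen first.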

Contact us today to learn more.