๐ซ Module 4: Golden and Silver Tickets
Master advanced ticket-based attacks including Golden Ticket, Silver Ticket, and Skeleton Key attacks
๐งช Practice These Techniques in GOAD
Use the GOAD lab to safely practice Golden and Silver Ticket attacks.
๐ Learning Objectives
By the end of this module, you will be able to:
- Understand Kerberos ticket structure and components
- Master Golden Ticket attack techniques and implementation
- Execute Silver Ticket attacks for service impersonation
- Implement Skeleton Key attacks for persistent access
- Identify and defend against ticket-based attacks
- Develop detection strategies for forged tickets
๐ Module Prerequisites
Required Knowledge
- Complete understanding of Kerberos protocol (Module 2)
- Knowledge of Active Directory architecture (Module 1)
- Experience with advanced Kerberos attacks (Module 3)
- Familiarity with Mimikatz and Rubeus tools
๐ฏ Module Lessons
1
Kerberos Ticket Structure
Deep dive into Kerberos ticket components and cryptographic elements
Key Topics:
- Ticket Granting Ticket (TGT) Structure
- Service Ticket (ST) Components
- PAC (Privilege Attribute Certificate)
- Ticket Encryption and Signing
- KRBTGT Account and Key Material
๐ Resources:
2
Golden Ticket Attack
Master the most powerful Kerberos attack for domain persistence
Key Topics:
- KRBTGT Hash Extraction
- Golden Ticket Creation Process
- Ticket Injection and Usage
- Domain-wide Persistence
- Golden Ticket Limitations
3
Silver Ticket Attack
Service-specific ticket forgery for targeted service access
Key Topics:
- Service Account Hash Extraction
- Silver Ticket Creation Process
- Service Principal Name (SPN) Targeting
- Service-specific Access
- Silver Ticket vs Golden Ticket
4
Skeleton Key Attack
LSASS manipulation for persistent authentication bypass
Key Topics:
- LSASS Process Manipulation
- Skeleton Key Installation
- Universal Password Bypass
- Persistence Mechanisms
- Detection and Mitigation
๐งช Hands-On Labs
Lab 1: Golden Ticket Implementation
Objective: Extract KRBTGT hash and create Golden Ticket for domain persistence
Duration: 120 minutes
Expert
- Extract KRBTGT account hash using DCSync
- Create Golden Ticket with Mimikatz
- Inject Golden Ticket into memory
- Test domain-wide access
- Validate persistence across reboots
๐ External Resources:
Lab 2: Silver Ticket Service Access
Objective: Create Silver Tickets for specific service access
Duration: 90 minutes
Advanced
- Identify target services and SPNs
- Extract service account hashes
- Create Silver Tickets for multiple services
- Test service-specific access
- Compare with Golden Ticket approach
๐ External Resources:
๐ Module Assessment
Final Module Assessment
Test your understanding of Golden and Silver Ticket attacks with our comprehensive assessment.
30 Questions
60 minutes
80% to pass
Topics Covered:
- Kerberos Ticket Structure
- Golden Ticket Attack Techniques
- Silver Ticket Implementation
- Skeleton Key Attacks