Professional Documents
Culture Documents
The Silver Ticket Attack
The Silver Ticket Attack
It is much easier for attackers to target Silver Tickets because they don’t require any
privileged accounts. It is also harder to detect a Silver Ticket attack because
compromising a silver ticket does not need interaction with the Domain Controller.
Once attackers obtain a Silver Ticket, they can use it as a steppingstone to elevating
privileges to Domain Administrator. Because attackers can compromise the domain
completely with stealthier techniques using Silver Tickets, organizations must find
ways to protect them within their infrastructure.
You just need to get a service account hash or in this case a machine
account hash to forge a ticket. To get the hashes i will load mimikatz on
a system and use this command to get the hashes. This is explained in
details on the golden ticket post. In short we loaded mimikatz on the
admin session and used the lsadump module to dump all the hashes on
the system.
SILVER TICKET DETECTION
Silver Ticket events may have one of these issues: