GitHub - YossiSassi/Invoke-PostKrbtgtResetMonitor: Centralized detection of Golden Tickets via anomalous kerberos tickets detection AFTER resetting the krbtgt password TWICE. No Dependencies/modules. Requires Event Log Readers or equivalent

Invoke-PostKrbtgtResetMonitor

Centralized detection of Golden Tickets via event ID 4769 (TGS) with error code 0x1f and TGT anomalies.

Useful when arriving at a site shortly after a krbtgt double reset.

NOTE: Run this script AFTER resetting the krbtgt password TWICE (for more info, see: https://github.com/microsoft/New-KrbtgtKeys.ps1).

No dependencies or modules. Requires Event Log Readers or equivalent (preferably run elevated on the PDC or one of the DCs, for better performance and continued operation of the monitoring process).

by 1nTh35h311 (Comments to yossis@protonmail.com)
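
The event ID 4769 / error code 0x1f check described above, as an added example that is not taken from the project's script and does not cover its TGT anomaly checks. The function name `Get-Tgs0x1fFailure` and the sample events, hosts and accounts are constructed for illustration; 0x1F is KRB_AP_ERR_BAD_INTEGRITY, the failure a DC logs when a presented ticket does not decrypt with a current key.

```powershell
# Added example; not code from Invoke-PostKrbtgtResetMonitor.
function Get-Tgs0x1fFailure {
    [CmdletBinding()]
    param(
        # 4769 events rendered as XML, e.g. the output of EventLogRecord.ToXml()
        [Parameter(Mandatory, ValueFromPipeline)]
        [string[]]$EventXml
    )
    process {
        foreach ($raw in $EventXml) {
            $doc = [xml]$raw
            $id  = $doc.SelectSingleNode("//*[local-name()='EventID']").InnerText
            if ($id -ne '4769') { continue }

            # Flatten the <Data Name="..."> elements into a lookup table
            $data = @{}
            foreach ($d in $doc.SelectNodes("//*[local-name()='Data']")) {
                $data[$d.GetAttribute('Name')] = $d.InnerText
            }

            # Compare numerically so 0x1f and 0x1F both match
            if ([Convert]::ToInt32($data['Status'], 16) -ne 0x1F) { continue }

            [pscustomobject]@{
                TimeCreated = $doc.SelectSingleNode("//*[local-name()='TimeCreated']").GetAttribute('SystemTime')
                DC          = $doc.SelectSingleNode("//*[local-name()='Computer']").InnerText
                Account     = $data['TargetUserName']
                Service     = $data['ServiceName']
                Client      = $data['IpAddress'] -replace '^::ffff:', ''
            }
        }
    }
}

# Constructed sample events (not real log data): one 0x1F failure, one success
$ns = 'http://schemas.microsoft.com/win/2004/08/events/event'
$template = @'
<Event xmlns="{0}"><System><EventID>4769</EventID><TimeCreated SystemTime="{1}"/><Computer>dc01.example.test</Computer></System><EventData><Data Name="TargetUserName">{2}</Data><Data Name="ServiceName">{3}</Data><Data Name="IpAddress">::ffff:192.0.2.{4}</Data><Data Name="Status">{5}</Data></EventData></Event>
'@
$samples = @(
    ($template -f $ns, '2024-01-01T10:00:00Z', 'alice@EXAMPLE.TEST', 'cifs-host$', 10, '0x1F'),
    ($template -f $ns, '2024-01-01T10:00:05Z', 'bob@EXAMPLE.TEST',   'krbtgt',     11, '0x0')
)
$samples | Get-Tgs0x1fFailure | Format-Table -AutoSize

# Live use on a DC (requires Event Log Readers or equivalent):
# Get-WinEvent -FilterHashtable @{LogName='Security'; Id=4769} | ForEach-Object { $_.ToXml() } | Get-Tgs0x1fFailure
```

Only the first constructed event is returned. On a live DC, a 0x1F hit after the double reset is a lead to investigate per client address and account, since tickets issued before the reset fail the same way until they are renewed.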
