Anomaly detection in certificate-based TGT requests

One of the most complex yet effective methods of gaining unauthorized access to corporate network resources is an attack using forged certificates. Attackers create such certificates to fool the Key Distribution Center (KDC) into granting access to the target company’s network. An example of such an attack is the Shadow Credentials technique, which lets an attacker sign in under a user account by modifying the victim’s msDS-KeyCredentialLink attribute and adding an authorization certificate to it. Such attacks are difficult to …

access anomaly detection attack attackers center certificate certificates corporate corporate network credentials detection distribution key network requests resources shadow target the key unauthorized access