Kerberos and NTLM Security Vulnerabilities

  1. Attack Methodology and Lateral Movement
    1. Initial Access Techniques
      1. Phishing and Social Engineering
      2. Vulnerability Exploitation
      3. Credential Stuffing
      4. Physical Access
    2. Reconnaissance and Discovery
      1. Network Scanning
      2. Service Enumeration
      3. User and Group Discovery
      4. Trust Relationship Mapping
    3. Credential Harvesting
      1. Memory-based Extraction
        1. LSASS Process Dumping
        2. Kerberos Ticket Extraction
        3. Cached Credential Recovery
      2. Registry-based Extraction
        1. SAM Database Access
        2. LSA Secrets Extraction
        3. Stored Credential Recovery
      3. Network-based Capture
        1. NTLM Relay Setup
        2. Credential Interception
        3. Man-in-the-Middle Attacks
    4. Privilege Escalation
      1. Local Privilege Escalation
        1. Unquoted Service Paths
        2. DLL Hijacking
        3. Token Impersonation
      2. Domain Privilege Escalation
        1. Kerberoasting Exploitation
        2. AS-REP Roasting
        3. Delegation Abuse
    5. Lateral Movement Techniques
      1. Pass-the-Hash Movement
        1. WMI Execution
        2. Remote Service Creation
        3. Scheduled Task Creation
      2. Pass-the-Ticket Movement
        1. Ticket Injection
        2. Service Impersonation
        3. Cross-Domain Movement
      3. Living-off-the-Land Techniques
        1. PowerShell Remoting
        2. WinRM Usage
        3. RDP Hijacking
    6. Persistence Mechanisms
      1. Golden Ticket Persistence
      2. Silver Ticket Persistence
      3. Scheduled Task Persistence
      4. Service Installation
      5. Registry Modification
      6. WMI Event Subscription