Kerberos and NTLM Security Vulnerabilities

  1. Detection and Monitoring
    1. NTLM Attack Detection
      1. Authentication Log Analysis
        1. Event ID 4624 Analysis
        2. Event ID 4625 Monitoring
        3. Logon Type Classification
      2. Network Traffic Analysis
        1. NTLM Challenge-Response Monitoring
        2. Unusual Authentication Patterns
        3. Cross-Protocol Authentication
      3. Memory Analysis
        1. LSASS Process Monitoring
        2. Credential Access Detection
        3. Process Injection Detection
    2. Kerberos Attack Detection
      1. Kerberoasting Detection
        1. Event ID 4769 Analysis
        2. Unusual TGS Request Patterns
        3. Service Ticket Request Monitoring
      2. AS-REP Roasting Detection
        1. Event ID 4768 Analysis
        2. Pre-authentication Failure Patterns
        3. Unusual AS-REQ Patterns
      3. Golden Ticket Detection
        1. TGT Anomaly Detection
        2. Unusual Privilege Assignments
        3. Extended Ticket Lifetimes
      4. Silver Ticket Detection
        1. Service Ticket Anomalies
        2. Unusual Authorization Data
        3. Service Access Patterns
    3. Advanced Detection Techniques
      1. Behavioral Analysis
        1. User Behavior Analytics (UBA)
        2. Machine Learning Detection
        3. Anomaly Detection Algorithms
      2. Honeypot and Deception
        1. Honey Accounts
        2. Honey Tokens
        3. Canary Files
      3. Network Segmentation Monitoring
        1. East-West Traffic Analysis
        2. Unusual Network Flows
        3. Protocol Anomaly Detection