Honeypot Buster: A Unique Red Team Tool – Javelin Networks Blog

During the research, we revealed there are 7 common sorts of Active Directory related Honey Tokens you can come across as a Red Teamer:1. Kerberoasting Service Accounts Honey Tokens, rather like the only defined during this ADSecurity article by Sean Metcalf. Tricking attackers to scan for Domain Users with assigned SPN Service Principal Name, and with LDAP Attribute flag. So when you try to request TGS for that user, you’ll be uncovered as Kerberoasting effort. TGS definition: A ticket granting server TGS is a logical key distribution center KDC portion it is used by the Kerberos protocol as a relied on third party.

See also  Revolutions