Golden Ticket Attack with PowerShell Empire

I’m back-filling the blog with some of my older content. This was a golden ticket Kerberos attack to simulate a SWIFT bank heist. I presented this at a customer event in Boston as well as the Dallas Hackers Association.

Here’s basically what happens in the attack (if I can remember it correctly):

  • Victim is compromised via malicious Excel macro.
  • Reconnaissance occurs to find the machines required to grab a domain admin’s hash.
  • Pivot to machine with DA session and dump creds.
  • Execute a DCSync in order to get KRBTGT ticket.
  • Create Golden Ticket.
  • Profit.
