Golden Ticket Attack with PowerShell Empire

I’m back-filling the blog with some of my older content. This was a golden ticket kerberos attack to simulate a SWIFT back heist. I presented this at a customer event in Boston as well as the Dallas Hackers Association.

Here’s basically what happens in the attack (if I can remember it correctly):

  • Victim is compromised via malicious excel macro.
  • Reconnaissance occurs to find the machines required to grab a domain admin’s hash
  • Pivot to machine with DA session and dump creds.
  • Execute a DC sync in order to get KBRTGT ticket.
  • Create Golden Ticket
  • Profit.

Read more “Golden Ticket Attack with PowerShell Empire”