Silver Ticket Attack Threat Overview:Forged Service Tickets Silver Tickets enable an attacker to create forged service tickets (TGS tickets) that are used to access compromised service accounts. The Kerberos Silver Ticket is a valid Ticket Granting Service (TGS) Kerberos ticket that has been encrypted/signed by the service account configured with a Service Principal Name (SPN). How a Silver Ticket Attack Works The following is a summary of how the attack works: Extract NTLM password hash for either a service account
DCShadow enables an attacker (using Mimikatz) to create a fake Active Directory Domain Controller (DC) that can replicate malicious changes to legitimate DCs.
By obtaining the password hash for the most powerful service account in Active Directory – the KRBTGT account – an attacker is able to compromise every account within Active Directory, giving them unlimited and virtually undetectable access to any system connected to AD.