Certified Pre-Owned Detection Ideas

Quick Overview

DETECT1

DETECT2

  1. The 4768 event MUST include Certificate information
  2. The 4768 event will be requesting the ticket with RC4 encryption (0x17)
Courtesy of SpecterOps (Certified Pre-Owned):
  1. https://posts.specterops.io/certified-pre-owned-d95910965cd2
  2. https://www.specterops.io/assets/resources/Certified_Pre-Owned.pdf
  3. https://docs.microsoft.com/en-us/windows/security/threat-protection/auditing/event-4768#table-5-kerberos-pre-authentication-types
  4. https://www.ultimatewindowssecurity.com/securitylog/encyclopedia/event.aspx?eventid=4886
  5. https://www.ultimatewindowssecurity.com/securitylog/encyclopedia/event.aspx?eventid=4888
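
The two DETECT2 conditions, written as a filter over event 4768 XML. This is an added example, not code from the original post or from SpecterOps. It assumes the standard 4768 `EventData` field names (`TicketEncryptionType`, `CertIssuerName`, `CertSerialNumber`, `CertThumbprint`); the sample events, user names and certificate values are constructed.

```python
import xml.etree.ElementTree as ET

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}
CERT_FIELDS = ("CertIssuerName", "CertSerialNumber", "CertThumbprint")
RC4_HMAC = 0x17  # encryption type named in condition 2

def event_xml(user, etype, issuer="", serial="", thumb=""):
    """Build a constructed 4768 event (sample data, not a real log)."""
    data = {"TargetUserName": user, "TicketEncryptionType": etype,
            "CertIssuerName": issuer, "CertSerialNumber": serial,
            "CertThumbprint": thumb}
    rows = "".join(f'<Data Name="{k}">{v}</Data>' for k, v in data.items())
    return (f'<Event xmlns="{NS["e"]}"><System><EventID>4768</EventID></System>'
            f'<EventData>{rows}</EventData></Event>')

def parse_event(xml_text):
    """Return (event_id, {field name: value}) for one event XML record."""
    root = ET.fromstring(xml_text)
    event_id = int(root.findtext("e:System/e:EventID", default="0", namespaces=NS))
    fields = {d.get("Name"): (d.text or "").strip()
              for d in root.findall("e:EventData/e:Data", NS)}
    return event_id, fields

def matches_detect2(xml_text):
    """True when a 4768 carries certificate information AND requests RC4."""
    event_id, f = parse_event(xml_text)
    if event_id != 4768:
        return False
    has_cert = any(f.get(name) for name in CERT_FIELDS)  # condition 1
    try:
        etype = int(f.get("TicketEncryptionType", ""), 16)
    except ValueError:  # field missing or not a hex value
        return False
    return has_cert and etype == RC4_HMAC  # condition 2

# Constructed samples: only the first satisfies both conditions.
SAMPLES = [
    event_xml("alice", "0x17", "EXAMPLE-CA", "1A2B3C", "AABBCCDDEEFF"),
    event_xml("bob", "0x12", "EXAMPLE-CA", "4D5E6F", "112233445566"),  # AES
    event_xml("carol", "0x17"),                         # RC4, no certificate
    event_xml("dave", "0xFFFFFFFF", "EXAMPLE-CA", "7A8B9C", "0011223344"),
]

if __name__ == "__main__":
    for sample in SAMPLES:
        user = parse_event(sample)[1]["TargetUserName"]
        print(user, "ALERT" if matches_detect2(sample) else "ok")
```
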


Cyber Security enthusiast, detection developer and engineer, researcher, consultant.

redhead0ntherun
