4 - Access Control Attacks - Coggle Diagram
4 - Access Control Attacks
Privilege escalation
Using the su and sudo commands
Password attacks
Dictionary attacks
Try every password in a predefined database
Brute-force attacks
Try all combinations
Credential stuffing attack
Confirmed username + password reused on other websites
Spraying attack
Same password tested for different accounts
Birthday attack
Finding a collision
Rainbow table attack
Large databases of precomputed hashes
Mimikatz
Read passwords from memory
Extract Kerberos tickets
Extract certificates and private keys
Read LM and NTLM password hashes in memory
Read cleartext passwords in LSASS
List running processes
Pass-the-Hash attack (PTH)
Send a captured hash of a password to an authenticating service
Kerberos exploitation attacks
Overpass the hash
Attacker requests a TGT with the user's hash and uses this TGT to access network resources
Pass the ticket
Attacker attempts to harvest tickets held in the lsass process
Silver ticket
Use the captured NTLM hash of a service account to create a TGS ticket giving all the privileges of the service account to the attacker.
Golden ticket
Use the captured NTLM hash of the Kerberos service account (KRBTGT) to create a custom TGT with all permissions.
Kerberos brute force
To guess passwords (indirectly NTLM hashes)
ASREPRoast
Identify users without Kerberos preauthentication enabled (a security feature that prevents password-guessing attacks). The client doesn't need to prove its identity → the DC issues an AS-REP directly → the attacker gets encrypted material, then brute-forces the encrypted blob offline.
Kerberoasting
Attackers can crack TGS tickets offline
Sniffer attack
Spoofing attacks
Email spoofing
Phone number spoofing
Core protection methods
Hash and salt passwords
Use password masking
Control electronic access to files
Deploy MFA
Control physical access to systems
Use account lockout controls
Use last logon notification
Educate users about security