Identity theft using pass-the-ticket attack message troubleshooting and verification RRS feed

  • Question

  • Good morning, I installed Microsoft ATA 1.6 as soon as was available and now I start to receive security message from behaviour and attack events. I need to verify "Identity theft using pass-the-ticket attack" event anyone could suggest me any test and verification? thank you

    Wednesday, June 29, 2016 9:22 AM

All replies

  • If you want to simulate a PtT attack, try using mimikatz to export KRB tickets from one computer, import them onto another and then access a network resource using this stolen identity. It is quite complex.
    Monday, August 22, 2016 9:03 PM
  • If you're getting a lot of those alerts make sure you're using the latest version of ATA. Previous versions gave many false positives on that alert.
    Monday, August 29, 2016 2:23 PM