Tanaka Zakku
21 lines
1017 B
YAML
21 lines
1017 B
YAML
title: AS-REP Roasting
|
|
title_jp: AS-REPロースティング
|
|
description: For each account found without preauthentication, an adversary may send an AS-REQ message without the encrypted timestamp and receive an AS-REP message with TGT data which may be encrypted with an insecure algorithm such as RC4.
|
|
description_jp: For each account found without preauthentication, an adversary may send an AS-REQ message without the encrypted timestamp and receive an AS-REP message with TGT data which may be encrypted with an insecure algorithm such as RC4.
|
|
author: Matsui
|
|
contributor: Zach Mathis, James Takai, DustInDark
|
|
mitre_attack: T1558.004
|
|
level: high
|
|
detection:
|
|
selection:
|
|
Channel: Security
|
|
EventID: 4768
|
|
TicketEncryptionType: '0x17' #RC4-HMAC
|
|
PreAuthType: 0 #Logon without pre-authentication
|
|
falsepositives:
|
|
- legacy application
|
|
output: 'Possible AS-REP Roasting'
|
|
output_jp: 'AS-REPロースティングのリスクがある'
|
|
creation_date: 2021/04/31
|
|
updated_date: 2021/11/06
|