Linux Cached Kerberos tickets

MITRE ATT&CK™ Steal or Forge Kerberos Tickets - Technique T1558

Theory

Linux clients can authenticate to Active Directory environments using Kerberos, just as Windows machines can. Therefore, a Linux client might be storing different CCACHE tickets inside files. These tickets can be used and abused like any other Kerberos ticket. To read these tickets, you need to be the user who owns the ticket or root on the machine.
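The owner-or-root restriction described above holds only while the cache files keep owner-only permissions. The following audit is an added example, not part of the original page: it flags ticket caches whose mode or ownership breaks that restriction. It assumes the MIT krb5 default FILE: cache naming (`krb5cc_<uid>` with an optional suffix, under `/tmp`), which the page does not state; the function names are hypothetical.

```python
import os
import re
import stat

# Assumption (not from the page): MIT krb5 default FILE: caches are named
# krb5cc_<uid>[_suffix] and live under /tmp.
CCACHE_NAME = re.compile(r"^krb5cc_(\d+)(?:_.*)?$")


def is_ccache(path):
    """True if the file starts with a CCACHE header: 0x05, then version 1-4."""
    try:
        with open(path, "rb") as fh:
            head = fh.read(2)
    except OSError:
        return False  # unreadable to the auditing user: format cannot be confirmed
    return len(head) == 2 and head[0] == 0x05 and 1 <= head[1] <= 4


def audit_ccache_dir(directory="/tmp"):
    """Return (path, issue) tuples for ticket caches exposed beyond their owner."""
    findings = []
    for entry in os.scandir(directory):
        match = CCACHE_NAME.match(entry.name)
        if not match:
            continue
        st = os.lstat(entry.path)  # lstat: never follow a planted symlink
        if not stat.S_ISREG(st.st_mode) or not is_ccache(entry.path):
            continue
        mode = stat.S_IMODE(st.st_mode)
        if mode & 0o077:
            findings.append(
                (entry.path, "mode %o grants group/other access" % mode))
        if st.st_uid != int(match.group(1)):
            findings.append(
                (entry.path, "owner uid %d differs from name" % st.st_uid))
    return findings


if __name__ == "__main__":
    for path, issue in audit_ccache_dir():
        print(f"{path}: {issue}")
```

Run it as root to cover every user's cache; as an unprivileged user it can only confirm the format of files that user is able to open.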

Practice

Linux Active Directory

Resources
