Forensics to Find and Respond to the Golden Ticket presented at BSidesChicago 2018

by Max Thauer

Summary: Credential dumping tools are widely available pieces of software leveraged by attackers in order to escalate privileges and move laterally within Windows networks. I will give an overview and demonstration of different types of attacks that can be performed with Mimikatz and PowerSploit, leading up to Golden Ticket attacks as the pinnacle of all of these. Once we understand what these attacks look like from an adversary's point of view, we can review the relevant forensic artifacts available to us in order to detect and remediate such attacks.