
Blue Team
Defensive security strategies focused on detecting, analyzing, and responding to real-world attacks. This category covers monitoring, detection engineering, incident response, and threat hunting, with practical approaches to strengthening visibility and improving defense against active threats.


Kerberos Golden Tickets: What They Are, How They Work, and How to Detect Them
Kerberos is a central authentication protocol in Active Directory. When a user logs in, the domain issues a Ticket Granting Ticket, often called a TGT. That ticket is later used to request access to services such as file shares, databases, and internal applications. A Golden Ticket attack abuses this process. Instead of requesting a legitimate TGT from the domain, an attacker forges one. If the attacker has compromised the Kerberos signing material associated with the KRBTGT
