What is KRBTGT?

KRBTGT is a default account that exists in all domains of an Active Directory. Its purpose is to act as a KDC (Key Distribution Centre) service account for domain controllers.

When a user wishes to authenticate through Kerberos, they first obtain a TGT ticket which is signed with a key derived from the password of the KRBTGT account. This feature makes this account a critical element, as knowledge of its password would allow a malicious actor to forge arbitrary tickets, better known as Golden Tickets

Here are some technical articles on cybersecurity related to KRBTG that have been published on Tarlogic’s website.

Kerberos (I): How does Kerberos work? – Theory
Kerberos (II): How to attack Kerberos?
Kerberos (III): How does delegation work?
N-day exploit: Kerberos EoP in Linux environments
Kerberos tickets: Comprehension and exploitation

We are using cookies to give you the best experience on our website. You can find out more about which cookies we are using or switch them off in Cookies Settings

Necessary

Strictly Necessary Cookie should be enabled at all times so that we can save your preferences for cookie settings.

Necessary cookies

3rd Party Cookies

This website uses Google Analytics to collect anonymous information such as the number of visitors to the site, and the most popular pages. Keeping this cookie enabled helps us to improve our website.

3rd party cookies

Cookies policy

Cybersecurity articles related to KRBTG

Necessary

3rd Party Cookies