[Bro] Finding Golden Tickets in Kerberos Logs

brolist at vt.edu brolist at vt.edu
Tue Feb 27 11:49:04 PST 2018

Hey all,

Does anyone have a reliable method to find Active Directory Golden or
Silver Tickets in the Bro Kerberos logs? I was planning to look into doing
this (maybe based partially on expiration) but wanted to ask the list
first. I appreciate any advice.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20180227/cc57bc60/attachment.html 

More information about the Bro mailing list