creator/Anthropic-Cybersecurity-Skills
1
0
Fork 0
mirror of https://github.com/mukul975/Anthropic-Cybersecurity-Skills.git synced 2026-06-12 06:04:56 +03:00
Code Issues Packages Projects Releases Wiki Activity
Files
d5f3fa32486ea335db802d68fe2147fa2da69583
Anthropic-Cybersecurity-Skills/skills/conducting-pass-the-ticket-attack/references/api-reference.md
T
mukul975 c21af3347e Complete folder anatomy for all 649 cybersecurity skills + update LICENSE to Mahipal 
- Add scripts/agent.py and references/api-reference.md to all remaining skills
- Update all 648 LICENSE files: copyright now reads 'Mahipal'
- Add implementing-security-monitoring-with-datadog (new skill with full anatomy)
- All 649 skills now have: SKILL.md, LICENSE, scripts/agent.py, references/api-reference.md
2026-03-11 00:22:12 +01:00

1.6 KiB
Raw Blame History

Pass-the-Ticket Detection — API Reference

Libraries

Library Install Purpose
impacket pip install impacket Kerberos ticket manipulation (ticketer.py, getST.py)
ldap3 pip install ldap3 AD LDAP queries for SPN and account enumeration
pySigma pip install pySigma Sigma rule parsing and conversion

Key Windows Event IDs

Event ID Description Relevance
4768 Kerberos TGT request Golden ticket detection (RC4 = 0x17)
4769 Kerberos service ticket request Silver ticket / Kerberoasting
4770 Kerberos service ticket renewed Ticket reuse indicator
4771 Kerberos pre-auth failed Password spray detection
4624 Successful logon Correlate with ticket usage

Encryption Type Constants

Value Algorithm Concern
0x17 RC4-HMAC Downgrade attack indicator
0x12 AES-256 Expected modern encryption
0x11 AES-128 Acceptable encryption

MITRE ATT&CK Mapping

Technique ID
Use Alternate Authentication Material: Pass the Ticket T1550.003
Steal or Forge Kerberos Tickets: Golden Ticket T1558.001
Steal or Forge Kerberos Tickets: Silver Ticket T1558.002

External References

Reference in New Issue View Git Blame Copy Permalink