T1558.002 Silver Ticket Mappings

Adversaries who have the password hash of a target service account (e.g. SharePoint, MSSQL) may forge Kerberos ticket granting service (TGS) tickets, also known as silver tickets. Kerberos TGS tickets are also known as service tickets.(Citation: ADSecurity Silver Tickets)

Silver tickets are more limited in scope in than golden tickets in that they only enable adversaries to access a particular resource (e.g. MSSQL) and the system that hosts the resource; however, unlike golden tickets, adversaries with the ability to forge silver tickets are able to create TGS tickets without interacting with the Key Distribution Center (KDC), potentially making detection more difficult.(Citation: ADSecurity Detecting Forged Tickets)

Password hashes for target services may be obtained using OS Credential Dumping or Kerberoasting.

View in MITRE ATT&CK®

Mappings

Capability ID Capability Description Mapping Type ATT&CK ID ATT&CK Name
AC-16 Security and Privacy Attributes Protects T1558.002 Silver Ticket
AC-17 Remote Access Protects T1558.002 Silver Ticket
AC-18 Wireless Access Protects T1558.002 Silver Ticket
AC-19 Access Control for Mobile Devices Protects T1558.002 Silver Ticket
AC-02 Account Management Protects T1558.002 Silver Ticket
AC-03 Access Enforcement Protects T1558.002 Silver Ticket
AC-05 Separation of Duties Protects T1558.002 Silver Ticket
AC-06 Least Privilege Protects T1558.002 Silver Ticket
CA-07 Continuous Monitoring Protects T1558.002 Silver Ticket
CM-02 Baseline Configuration Protects T1558.002 Silver Ticket
CM-05 Access Restrictions for Change Protects T1558.002 Silver Ticket
CM-06 Configuration Settings Protects T1558.002 Silver Ticket
IA-02 Identification and Authentication (organizational Users) Protects T1558.002 Silver Ticket
IA-05 Authenticator Management Protects T1558.002 Silver Ticket
SC-04 Information in Shared System Resources Protects T1558.002 Silver Ticket
SI-12 Information Management and Retention Protects T1558.002 Silver Ticket
SI-03 Malicious Code Protection Protects T1558.002 Silver Ticket
SI-04 System Monitoring Protects T1558.002 Silver Ticket
SI-07 Software, Firmware, and Information Integrity Protects T1558.002 Silver Ticket