Forensic Search for Traces of Unauthorized Access Using the Kerberos Authentication Protocol

Forensic Search for Traces of Unauthorized Access Using the Kerberos Authentication Protocol

연구 분야: Safety

학회: 2023 International Russian Smart Industry Conference (SmartIndustryCon)

Organizations use Windows Active Directory service to authenticate users on the network with Kerberos extended Authentication Protocol. According to IT Governance for 2022, there were revealed 1,063 incidents involving approximately 480,014,323 compromised network user accounts. Therefore, based on statistical data, it is necessary to analyze the most popular type of attack using Kerberos authentication protocol, in particular, what traces remain in logs and, based on this forensic data, determine a more secure usage environment offering mitigation and response precautions. As a conclusion to this study it is necessary to highlight the fact that it is difficult to implement and detect them, that’s why it is necessary to make a thorough log analysis and analysis of other environments where it’s possible to detect them.