What Is TGT
A Ticket Granting Ticket (commonly referred to as a TGT) is a security token that a Key Distribution Center (KDC) issues to users right after they authenticate on a platform. These tickets are usually used in the Kerberos protocol and serve to grant access to specific network resources once the user has authenticated.
Kerberos is a computer network authentication protocol that verifies the identity of users or hosts using a digital “ticket” system. It uses secret key cryptography and a trusted third party to verify user identities and authenticate client-server applications.
Ticket Granting Tickets protect users and resources from attackers, so it is important to keep these tokens safe and prevent bad actors from impersonating you and gaining access to the resources you are authorized to access.
Because Kerberos is a decades-old technology that has been widely used, bad actors have found ways to compromise it. Among the most common cyberattacks in the context of Kerberos, we find:
- Pass-the-ticket attacks, in which attackers intercept and reuse tickets sent to or from an authenticated user.
- Golden ticket attacks, in which attackers gain access to create their own domain controller in a Windows operating system. This allows them to create fake privileged credentials that grant them unrestricted access to network resources.
- Credential stealing attacks, where attackers attempt to compromise user passwords.
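A defender's view of the pass-the-ticket item above, as an added example that is not part of the original page: it flags service-ticket requests that arrive from an address where no live TGT was issued to that user. The event records are constructed and use simplified field names standing in for Windows Security events 4768 and 4769; the 10-hour lifetime and the function name are assumptions.

```python
from collections import defaultdict

# Constructed sample events (not real logs). Fields are simplified stand-ins for
# Windows Security events 4768 (TGT requested) and 4769 (service ticket requested).
SAMPLE_EVENTS = [
    {"time": 100, "event_id": 4768, "user": "alice", "ip": "10.0.0.11"},
    {"time": 130, "event_id": 4769, "user": "alice", "ip": "10.0.0.11", "service": "cifs/fs01"},
    {"time": 200, "event_id": 4768, "user": "bob", "ip": "10.0.0.12"},
    {"time": 260, "event_id": 4769, "user": "alice", "ip": "10.0.0.99", "service": "cifs/fs01"},
    {"time": 300, "event_id": 4769, "user": "bob", "ip": "10.0.0.12", "service": "http/intranet"},
    {"time": 400, "event_id": 4769, "user": "carol", "ip": "10.0.0.13", "service": "cifs/fs01"},
]

TGT_LIFETIME = 36000  # assumed ticket lifetime in seconds (10 hours)


def find_suspect_ticket_use(events, lifetime=TGT_LIFETIME):
    """Flag service-ticket requests not backed by a live TGT issued to the same address."""
    tgts = defaultdict(list)  # user -> [(issue_time, ip), ...]
    suspects = []
    for ev in sorted(events, key=lambda e: e["time"]):
        user = ev["user"].lower()
        if ev["event_id"] == 4768:
            tgts[user].append((ev["time"], ev["ip"]))
        elif ev["event_id"] == 4769:
            # Addresses holding an unexpired TGT for this user at request time.
            live = {ip for t, ip in tgts[user] if 0 <= ev["time"] - t <= lifetime}
            if ev["ip"] in live:
                continue
            # A live TGT elsewhere suggests reuse from another host; none at all
            # may only mean the log window started after the TGT was issued.
            reason = "different_address" if live else "no_valid_tgt"
            suspects.append(dict(ev, reason=reason))
    return suspects


if __name__ == "__main__":
    for s in find_suspect_ticket_use(SAMPLE_EVENTS):
        print(s["time"], s["user"], s["ip"], s["service"], s["reason"])
```

Address changes from NAT, DHCP or multihomed hosts will also trip this check, so treat a hit as a lead to correlate with other telemetry.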