We will introduce a method for real-time detection of attack activities that leverage Domain Administrator privileges, including Golden Tickets, using Domain Controller event logs. If attack activity carried out with Domain Administrator privileges can be detected immediately, the damage can be minimized.
By: Wataru Matsuda, Mariko Fujimoto & Takuho Mitsunaga
Full Abstract & Presentation Materials: https://www.blackhat.com/eu-18/briefings/schedule/#real-time-detection-of-attacks-leveraging-domain-administrator-privilege-13100