Forum Discussion

chrispay
Copper Contributor
Feb 20, 2019
Solved

Mitigating Lateral Movement Attacks

As I understand it, the risk of a lateral movement attack is increased where sensitive users (e.g. domain admins) log onto the same machine as std users (with Internet access / email access / etc) wh...
  • igrady
    Feb 20, 2019
    Hi,
    Cached credentials are used to verify the authenticating user when there is no connectivity to the DC and are not used for lateral movement, since they are only valid for the machine itself. In addition, the hash is different from those used for NTLM/Kerberos, so it won't be useful for moving laterally. Also, they're considered quite hard to reverse/break, so limiting the cached creds to 0 or 1 would cause more issues than it helps.
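
An added check that is not part of this thread: it reads the local setting the reply refers to ("Interactive logon: Number of previous logons to cache", stored as `CachedLogonsCount` under the Winlogon key) and reports whether it has been lowered to the 0/1 range the reply warns against. The function name and the assessment strings are my own; the registry path and the Windows default of 10 are standard.

```powershell
# Added example, not code from the forum post. Audits the local cached-logon
# policy discussed above. Run in an elevated or standard session; the key is readable by users.
function Get-CachedLogonAudit {
    [CmdletBinding()]
    param()

    # Policy "Interactive logon: Number of previous logons to cache" writes this REG_SZ value.
    $key  = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
    $prop = Get-ItemProperty -Path $key -Name CachedLogonsCount -ErrorAction SilentlyContinue

    # When the value is absent Windows uses its default of 10 cached logons.
    $count = if ($null -eq $prop) { 10 } else { [int]$prop.CachedLogonsCount }

    # Assessment follows the reply: cached logons serve offline/disconnected logon,
    # not lateral movement, so 0/1 mostly breaks offline logon rather than reducing risk.
    $assessment = switch ($true) {
        ($count -eq 0)  { 'No cached logons: domain users cannot log on without DC connectivity.' }
        ($count -eq 1)  { 'Only the last user is cached: other domain users cannot log on offline.' }
        ($count -le 10) { 'Default or modest cache: offline logon works; not a lateral-movement vector by itself.' }
        default         { 'Cache raised above the default of 10; confirm this is intentional.' }
    }

    [PSCustomObject]@{
        ComputerName      = $env:COMPUTERNAME
        CachedLogonsCount = $count
        ValueExplicitlySet = ($null -ne $prop)
        Assessment        = $assessment
    }
}

Get-CachedLogonAudit | Format-List
```

Pair this with a check of which accounts actually log on interactively to the host; that, not the cache depth, is where the admin-on-workstation exposure in the original question lives.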
