Forum Discussion
spartan007
May 03, 2021Copper Contributor
Suspected Golden Ticket usage (encryption downgrade)
Hello Team, Have anyone observed the alert "Suspected Golden Ticket usage (encryption downgrade)" Description says : 3 accounts used a weaker encryption method (RC4), in the Kerberos service ...
EliOfek
May 04, 2021Microsoft
The alert means that while the source machine which contacted the DC is known to work well with AES encryption was observed now requesting the DC to work in RC4.
This can be a new smart card usage, a legacy app that implements it this way running on the source machine (benign true) or possibly a malware.
you should check the source machine to see what could have induced this RC4 call.
This can be a new smart card usage, a legacy app that implements it this way running on the source machine (benign true) or possibly a malware.
you should check the source machine to see what could have induced this RC4 call.