May 03 2021 09:42 AM
Hello Team,
Have anyone observed the alert "Suspected Golden Ticket usage (encryption downgrade)"
Description says : 3 accounts used a weaker encryption method (RC4), in the Kerberos service request (TGS_REQ), from XXXServer to access krbtgt (KRBTGT).
I think that the weaker encryption method RC4 doesnt applies for win2016 servers ,also do we need to check this on the Domain Controller or on the server ?
Thanks in advance
May 04 2021 01:28 AM