Suspected Golden Ticket usage (nonexistent account) from Mac Machines ( monterey beta)

%3CLINGO-SUB%20id%3D%22lingo-sub-2526367%22%20slang%3D%22en-US%22%3ESuspected%20Golden%20Ticket%20usage%20(nonexistent%20account)%20from%20Mac%20Machines%20(%20monterey%20beta)%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2526367%22%20slang%3D%22en-US%22%3E%3CP%3Erecently%20we%20started%20seeing%20%22%3CSTRONG%3ESuspected%20Golden%20Ticket%20usage%20(nonexistent%20account)%3C%2FSTRONG%3E%22%20alerts%20from%20Mac%20machines%20which%20running%20on%26nbsp%3B%3CSTRONG%3Emonterey%20beta%3C%2FSTRONG%3E%20version.%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EBased%20on%20our%20investigation%20this%20getting%20triggered%20when%20user%20tries%20to%20authenticate%20using%20enterprise%20connect%20on%26nbsp%3B%3CSTRONG%3Emonterey%20OS.%20%3C%2FSTRONG%3Eusername%20SOMEDOMAIN.COM%5CWELLKNOWN%2FANONYMOUS%40SOMEDOMAIN.COM%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EAnyone%20else%20experiencing%20this.%3F%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E
Occasional Visitor

recently we started seeing "Suspected Golden Ticket usage (nonexistent account)" alerts from Mac machines which running on monterey beta version. 

 

Based on our investigation this getting triggered when user tries to authenticate using enterprise connect on monterey OS. username SOMEDOMAIN.COM\WELLKNOWN/ANONYMOUS@SOMEDOMAIN.COM

 

Anyone else experiencing this.? 

 

 

 

 

0 Replies