Open ryantxu1 opened 4 months ago
Note: all sections are required.
Reset KRBTGT Account
restores some Kerberos Ticket Granting Ticket Account
Resetting the Kerberos Ticket Granting Ticket Service Account passsword for the domain.
CISA recommends organizations affected by the SolarWinds compromise to reset the krbtgt account password. Note that krbtgt must be reset twice.
https://learn.microsoft.com/en-us/windows-server/identity/ad-ds/manage/forest-recovery-guide/ad-forest-recovery-reset-the-krbtgt-password
Note: all sections are required.
{Proposed Technique Name}
Reset KRBTGT Account
Digital Artifacts
restores some Kerberos Ticket Granting Ticket Account
Definition
Resetting the Kerberos Ticket Granting Ticket Service Account passsword for the domain.
How it works
CISA recommends organizations affected by the SolarWinds compromise to reset the krbtgt account password. Note that krbtgt must be reset twice.
References
https://learn.microsoft.com/en-us/windows-server/identity/ad-ds/manage/forest-recovery-guide/ad-forest-recovery-reset-the-krbtgt-password