"Mitigations Developed for Potential Lateral Movement on Azure AD Kerberos"

Researchers discovered that threat actors could exploit a new Microsoft cloud authentication protocol to steal or forge cloud tickets and to move laterally in cloud-based Azure AD Kerberos. According to researchers at Silverfort, the new attacks stem from the well-known on-premises Kerberos attacks Silver Ticket and Pass the Ticket (PTT), which are used for lateral movement in Active Directory. As part of its cloud migration, Microsoft made Azure AD Kerberos available to authenticate access to cloud resources without requiring the on-premises AD version. Silverfort developed Bounce the Ticket and Silver Iodide, two variants of Silver Ticket and PTT that work against Azure AD Kerberos. According to the researchers, the new attacks provide malicious access to hosted infrastructure such as servers and storage. A Microsoft spokesman stated that this technique is not a vulnerability and that a potential attacker would need administrator or elevated rights to access the storage account data in order to use it. This article continues to discuss the vulnerability discovered by Silverfort researchers in Azure AD Kerberos, Microsoft's response to this discovery, and recommended mitigations.

SC Media reports "Mitigations Developed for Potential Lateral Movement on Azure AD Kerberos"

Submitted by Anonymous on