Hackers are using fake certificates to infiltrate corporate networks. They trick the Key Distribution Center (KDC) into granting unauthorized access. One method is shadow credentials, used to take over an AD user or computer account. Another is certificate-based TGT requests in Kerberos authentication. Not all corporate networks have Active Directory Certificate Services (AD CS), so the msDS-KeyCredentialLink attribute is used to link certificates to the object. An attacker who can write this attribute can get a ticket for that object, then gain access to data and move laterally inside the network. Detecting this attack requires monitoring and knowledge of the infrastructure. #hackers #certificates #corporatenetworks

https://cybersecuritynews.com/hackers-using-fake-certificates/
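
One way to do the monitoring the note calls for, as an added example that is not part of the original note or the linked article: flag Directory Service Changes events (ID 5136) that add a value to msDS-KeyCredentialLink from an unexpected writer, and raise severity when a certificate-based TGT request (ID 4768, PreAuthType 16) for the same account follows. The account names, allowlist, DN-to-account map and events are constructed assumptions.

```python
from datetime import datetime, timedelta

KEY_ATTR = "msds-keycredentiallink"
VALUE_ADDED = "%%14674"   # 5136 OperationType: value added
PKINIT = "16"             # 4768 PreAuthType: certificate (PKINIT) logon

def _ts(e):
    return datetime.fromisoformat(e["TimeCreated"])

def find_shadow_credential_activity(events, allowed_writers, dn_to_sam,
                                    window=timedelta(hours=24)):
    """Flag unexpected msDS-KeyCredentialLink writes and attach any
    certificate-based TGT request for the same account within `window`."""
    findings = []
    for w in events:
        if not (w["EventID"] == 5136
                and w["AttributeLDAPDisplayName"].lower() == KEY_ATTR
                and w["OperationType"] == VALUE_ADDED
                and w["SubjectUserName"].lower() not in allowed_writers):
            continue
        sam = dn_to_sam.get(w["ObjectDN"], "").lower()
        tgts = [e for e in events
                if e["EventID"] == 4768 and e["PreAuthType"] == PKINIT
                and e["TargetUserName"].lower() == sam
                and timedelta(0) <= _ts(e) - _ts(w) <= window]
        findings.append({
            "writer": w["SubjectUserName"], "object": w["ObjectDN"],
            "pkinit_sources": sorted({t["IpAddress"] for t in tgts}),
            "severity": "high" if tgts else "medium"})
    return findings

# Constructed sample events (hypothetical names), already parsed into dicts.
def _write(t, who, dn, attr="msDS-KeyCredentialLink"):
    return {"EventID": 5136, "TimeCreated": t, "SubjectUserName": who,
            "ObjectDN": dn, "AttributeLDAPDisplayName": attr,
            "OperationType": VALUE_ADDED}

def _tgt(t, user, preauth, ip):
    return {"EventID": 4768, "TimeCreated": t, "TargetUserName": user,
            "PreAuthType": preauth, "IpAddress": ip}

WS01, FS02 = "CN=WS01,OU=PCs,DC=corp,DC=example", "CN=FS02,OU=Srv,DC=corp,DC=example"
ALLOWED = {"svc-whfb-sync"}                  # lowercase; expected key writers
DN_TO_SAM = {WS01: "WS01$", FS02: "FS02$"}   # would come from a directory lookup
SAMPLE = [
    _write("2024-01-10T09:00:00", "svc-whfb-sync", "CN=alice,OU=Staff,DC=corp,DC=example"),
    _tgt("2024-01-10T08:00:00", "WS01$", PKINIT, "::ffff:10.0.5.9"),   # before write
    _write("2024-01-10T10:00:00", "helpdesk7", WS01),
    _write("2024-01-10T10:01:00", "helpdesk7", WS01, attr="description"),
    _tgt("2024-01-10T10:02:00", "WS01$", "2", "::ffff:10.0.5.23"),     # password
    _tgt("2024-01-10T10:04:00", "WS01$", PKINIT, "::ffff:10.0.5.23"),
    _write("2024-01-10T12:00:00", "bob", FS02),
]
```

Event 5136 is only logged when Directory Service Changes auditing is enabled and the object carries a SACL covering writes to the attribute, so confirm both before relying on this correlation.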
