ASilver Ticketis a forged KerberosService Ticket (TGS - Ticket Granting Service)in ActiveDirectory, granting access to a specific service (e.g., MSSQL, CIFS) without KDC interaction. Unlike a Golden Ticket (TGT forgery), it requires:
Service Account’s NTLM Hash:The target service’s account (e.g., MSSQLSvc) hash, not a ticket.
Forgery: Tools like Mimikatz craft the TGS (e.g., kerberos::golden /service: /user: /ntlm:).
Kerberos Flow (RFC 4120):
TGT (Ticket-Granting Ticket): Obtained via AS (Authentication Service) with user creds.
TGS: Requested from TGS (Ticket Granting Service) using TGT for service access.
Silver Ticket Process:
No TGT needed; the attacker mimics the TGS step using the service account’s stolen hash (e.g., from a compromised host).
C. Service Account Ticket:Misnomer—it’s the hash of the service account (e.g., MSSQLSvc) that enables forgery, not a pre-existing ticket. CNSP’s phrasing likely tests this nuance.
Security Implications:Silver Tickets are stealthier than Golden Tickets (service-specific, shorter-lived). CNSP likely stresses hash protection (e.g., LAPS) and Kerberos monitoring.
Why other options are incorrect:
A. Session Ticket:Not a Kerberos term; confuses session keys.
B. TGT:Used for Golden Tickets, not Silver.
D:Incorrect; the service account’s hash (implied by “ticket”) is essential.
Real-World Context:Silver Tickets exploited in APT29 attacks (2020 SolarWinds) for lateral movement.References:CNSP Official Documentation (Kerberos Attacks); RFC 4120 (Kerberos).