Skip to content

Hide Navigation Hide TOC

Uncommon Outbound Kerberos Connection - Security (eca91c7c-9214-47b9-b4c5-cb1d7e4f2350)

Detects uncommon outbound network activity via Kerberos default port indicating possible lateral movement or first stage PrivEsc via delegation.

Cluster A Galaxy A Cluster B Galaxy B Level
Kerberoasting - T1558.003 (f2877f7f-9a4c-4251-879f-1224e3006bee) Attack Pattern Uncommon Outbound Kerberos Connection - Security (eca91c7c-9214-47b9-b4c5-cb1d7e4f2350) Sigma-Rules 1
Steal or Forge Kerberos Tickets - T1558 (3fc01293-ef5e-41c6-86ce-61f10706b64a) Attack Pattern Kerberoasting - T1558.003 (f2877f7f-9a4c-4251-879f-1224e3006bee) Attack Pattern 2