Cyber Defense Magazine – August 2019

Going for Gold – Why Hackers Are Looking For Active Directory Golden Tickets


Matt Lock, Director of Sales Engineers, Varonis


Any business that has more than a handful of employees is likely to have a reasonable amount of physical
property that needs locking up – safes, individual offices, equipment, garages and, not least of all, the
outside doors and windows to the premises. In order to make sure that everyone in the organisation can
access what they need to, particularly in the event of a keyholder being on holiday or off ill, a copy of all
the keys is likely to be held in a central place. This will ideally be a lockbox, to which only a couple of
trusted employees have a key.


To burglars, these lockbox keys offer unfettered access to an organisation’s entire estate. If they can get
hold of one key, no matter how hard this might be, they are able to get hold of every key.


In the digital world, the equivalent of the lockbox key is the credentials of the data administrator on an
organisation’s Active Directory, known as a ‘Golden Ticket’. This provides threat actors with permission
to access anything and everything on an organisation’s network – files, logins, system settings and so
