Anomaly detection in certificate-based TGT requests
I identified several signs of attacks that use forged certificates inside the network and developed a Proof-of-Concept utility capable of finding artifacts in AD, as well as a number of detection logic rules that can be added to SIEM.