METHOD OF DETECTING USE OF FAKE AUTHENTICATION DATA
Russian patent published in 2024 - IPC G06F21/50 H04L9/40

Abstract RU 2830818 C1

FIELD: protection against cyberattacks.

SUBSTANCE: invention relates to protection against cyberattacks that use lateral (horizontal) movement tactics. The method of detecting use of fake authentication data includes the steps of: determining at least one active login session of a domain user, where the login was performed using the Kerberos protocol; for each active login session, determining the corresponding access token and reading from it the group list of the domain user who performed the login; determining the actual list of groups of the domain user by a request to a domain controller; comparing the group list read from the token with the actual group list of the domain user; and determining that the domain user's login session uses fake authentication data when the comparison of the domain user's groups shows a mismatch.

EFFECT: high quality of telemetry used to detect computer attacks.

14 cl, 3 dwg
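The comparison step of the abstract, as an added example that is not taken from the patent: session enumeration, token reading and the domain controller request are replaced by constructed data, and all names and SIDs here are hypothetical. It assumes that only SIDs issued by the domain are compared, since an access token also carries well-known and local SIDs that a directory query does not return.

```python
from dataclasses import dataclass

DOMAIN_SID = "S-1-5-21-1111111111-2222222222-3333333333"  # constructed value

@dataclass(frozen=True)
class Session:
    logon_id: str
    user: str
    auth_package: str          # e.g. "Kerberos", "NTLM"
    token_groups: frozenset    # group SIDs read from the session's access token

# Constructed stand-in for the domain controller query: user -> current group SIDs.
DIRECTORY = {
    "alice": frozenset({f"{DOMAIN_SID}-513", f"{DOMAIN_SID}-1105"}),
    "bob": frozenset({f"{DOMAIN_SID}-513"}),
}

# Constructed sessions. S-1-1-0 and S-1-5-11 are well-known SIDs, not domain groups.
SESSIONS = [
    Session("0x3e7a1", "alice", "Kerberos",
            frozenset({f"{DOMAIN_SID}-513", f"{DOMAIN_SID}-1105", "S-1-1-0", "S-1-5-11"})),
    Session("0x4b2c9", "bob", "Kerberos",
            frozenset({f"{DOMAIN_SID}-513", f"{DOMAIN_SID}-512", "S-1-1-0"})),
    Session("0x5d001", "bob", "NTLM",
            frozenset({f"{DOMAIN_SID}-513", f"{DOMAIN_SID}-512"})),
]

def domain_groups(sids):
    """Assumption of this example: keep only SIDs issued by the domain."""
    return {s for s in sids if s.startswith(DOMAIN_SID + "-")}

def find_mismatches(sessions, directory):
    """Return (logon_id, extra_in_token, missing_from_token) per mismatching Kerberos session."""
    findings = []
    for s in sessions:
        if s.auth_package.lower() != "kerberos":
            continue  # the method covers logins performed with Kerberos only
        in_token = domain_groups(s.token_groups)
        actual = domain_groups(directory.get(s.user, frozenset()))
        extra, missing = in_token - actual, actual - in_token
        if extra or missing:
            findings.append((s.logon_id, sorted(extra), sorted(missing)))
    return findings

if __name__ == "__main__":
    for logon_id, extra, missing in find_mismatches(SESSIONS, DIRECTORY):
        print(f"session {logon_id}: not in directory {extra}, not in token {missing}")
```

Because a token's group list is fixed at logon, a membership change made after the session started also shows up as a mismatch, so a finding is a lead for triage rather than proof.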

Similar patents RU2830818C1

Title Year Author Number
INTERACTING MODULE FACILITIES FOR COLLECTION OF AUTHENTICATORS AND ACCESS 2004
  • Khats Bendzhamin A.
  • Ilas Krist'Jan
  • Perlin Ehrik K.
  • Flo Ehrik R.
  • Stefens Dzhon
  • Shutts Klaus U.
  • Richardz Stefan
  • Rizor Sterling M.
RU2369025C2
POLICY-CONTROLLED DELEGATION OF ACCOUNT DATA FOR SINGLE REGISTRATION IN NETWORK AND SECURED ACCESS TO NETWORK RESOURCES 2007
  • Medvinskij Gennadij
  • Ilak Kristian
  • Khagiu Kostin
  • Parsonz Dzhon Eh.
  • Fatkhalla Mokhamed Ehmad Ehl' Din
  • Lich Pol Dzh.
  • Kamel' Tarek Bukhaa Ehl'-Din Makhmud
RU2439692C2
INFRASTRUCTURE FOR VERIFYING BIOMETRIC ACCOUNT DATA 2007
  • Kross Dehvid B.
  • Lich Pol Dzh.
  • Shutts Klaus Ju.
  • Jang Robert D.
  • Sherman Natan K.
RU2434340C2
SYSTEM AND METHOD OF AUTOMATIC DEPLOYMENT OF THE ENCRYPTION SYSTEM FOR USERS WHO PREVIOUSLY WORKED ON PC 2013
  • Shiyafetdinov Damir Rafekovich
  • Makarov Aleksandr Nikolaevich
  • Kirikova Evgeniya Pavlovna
  • Ovcharik Vladislav Ivanovich
  • Kamanin Konstantin Vladimirovich
RU2618684C2
SYSTEMS AND METHODS FOR PROTECTING NETWORK DEVICES 2015
  • Glejzmejkers Kurt
  • Khemilton Malkolm
  • Berberoglu Gokkhan
RU2675055C2
STABLE AUTHORISATION CONTEXT BASED ON EXTERNAL IDENTIFICATION 2008
  • Mauehrs Dehvid R.
  • Dubrovkin Dehniehl
  • Lejbehn Roj
  • Shmidt Donal'D I.
  • Visvanatan Rehm
  • Brezak Dzhon I.
  • Uord Richard B.
RU2390838C2
METHOD AND SYSTEM FOR PREVENTING UNAUTHORIZED ACCESS TO CORPORATE NETWORK OBJECTS 2022
  • Balashov Aleksandr Viktorovich
  • Cherepanov Pavel
  • Nagornov Ivan Grigorevich
  • Glazunov Nikita Sergeevich
  • Solomatin Aleksandr Igorevich
RU2799117C1
STABLE AUTHORISATION CONTEXT BASED ON EXTERNAL IDENTIFICATION 2003
  • Mauehrs Dehvid R.
  • Dubrovkin Dehniehl
  • Lejbehn Roj
  • Shmidt Donal'D I.
  • Visvanatan Rehm
  • Brezak Dzhon I.
  • Uord Richard B.
RU2337399C2
EXPANSION OF USER COMPARISON INFORMATION FOR PROTOCOLS 2006
  • Kroll Kristofer Dzh.
  • Medvinskij Gennadij
  • Boll Dzhoshua
  • Jaganatkhan Kartkhik
  • Lich Pol Dzh.
  • Chzhu Litsjan
  • Kross Dehvid B.
RU2411668C2
SYSTEM AND METHOD FOR VERIFYING PUBLIC KEY CERTIFICATE TO COUNTERACT "MAN-IN-MIDDLE" ATTACKS 2012
  • Grebennikov Nikolaj Andreevich
  • Monastyrskij Aleksej Vladimirovich
  • Gostev Aleksandr Aleksandrovich
RU2514138C1

RU 2 830 818 C1

Authors

Rodchenko Aleksandr Mikhailovich

Dates

2024-11-26 Published

2024-03-05 Filed