FIELD: protection against cyberattacks.
SUBSTANCE: the invention relates to protection against cyberattacks that use lateral movement tactics. The method of detecting the use of fake authentication data includes the steps of: determining at least one active login session of a domain user, where the login was performed using the Kerberos protocol; for each active login session, determining the corresponding access token and reading from it the group list of the domain user who performed the login; determining the actual list of groups of the domain user by a request to a domain controller; comparing the group list read from the token with the actual group list of the domain user; and determining that the domain user login session uses fake data for authentication based on a mismatch found when comparing the domain user groups.
EFFECT: high quality of telemetry used to detect computer attacks.
14 cl, 3 dwg
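The comparison step described in the abstract, as an added example that is not taken from the patent. It assumes the session records and directory group lists have already been collected (the field names are hypothetical and every SID is constructed), and it compares only domain-issued SIDs, because well-known SIDs such as Everyone are added to the token locally at logon.

```python
import re

DOM = "S-1-5-21-1111111111-2222222222-3333333333"  # constructed domain SID
DOMAIN_SID = re.compile(r"^S-1-5-21-\d+-\d+-\d+-(\d+)$")
# Well-known RIDs of built-in privileged domain groups.
PRIVILEGED_RIDS = {512: "Domain Admins", 518: "Schema Admins", 519: "Enterprise Admins"}

def domain_sids(sids):
    """Keep only domain-issued SIDs; local well-known SIDs are not in the directory."""
    return {s for s in sids if DOMAIN_SID.match(s)}

def check_session(session, directory_groups):
    """Return a finding when token groups and directory groups differ, else None."""
    if session["auth_package"].lower() != "kerberos":
        return None  # the described method covers Kerberos logons only
    token = domain_sids(session["token_group_sids"])
    actual = domain_sids(directory_groups.get(session["user"], ()))
    extra, missing = token - actual, actual - token
    if not (extra or missing):
        return None
    rids = {int(DOMAIN_SID.match(s).group(1)) for s in extra}
    return {
        "logon_id": session["logon_id"],
        "user": session["user"],
        "extra_in_token": sorted(extra),
        "missing_from_token": sorted(missing),
        "privileged": sorted(PRIVILEGED_RIDS[r] for r in rids if r in PRIVILEGED_RIDS),
    }

def find_suspect_sessions(sessions, directory_groups):
    """Run the comparison over every active session and collect the mismatches."""
    return [f for f in (check_session(s, directory_groups) for s in sessions) if f]

# Constructed sample data: what the host reports per session ...
SESSIONS = [
    {"logon_id": "0x3e7a1", "user": "alice", "auth_package": "Kerberos",
     "token_group_sids": ["S-1-1-0", "S-1-5-11", DOM + "-513", DOM + "-1105"]},
    {"logon_id": "0x4b2c9", "user": "bob", "auth_package": "Kerberos",
     "token_group_sids": ["S-1-1-0", DOM + "-513", DOM + "-512", DOM + "-519"]},
    {"logon_id": "0x5d001", "user": "carol", "auth_package": "NTLM",
     "token_group_sids": [DOM + "-513", DOM + "-512"]},
]
# ... and what the domain controller reports as each user's actual groups.
DIRECTORY = {"alice": [DOM + "-513", DOM + "-1105"],
             "bob": [DOM + "-513"], "carol": [DOM + "-513"]}

if __name__ == "__main__":
    for finding in find_suspect_sessions(SESSIONS, DIRECTORY):
        print(finding)
```

Because an access token is built at logon, a group membership change made after the logon also produces a mismatch, so each finding should be checked against recent directory changes.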
Title | Year | Author | Number |
---|---|---|---|
INTERACTING MODULE FACILITIES FOR COLLECTION OF AUTHENTICATORS AND ACCESS | 2004 | | RU2369025C2 |
POLICY-CONTROLLED DELEGATION OF ACCOUNT DATA FOR SINGLE REGISTRATION IN NETWORK AND SECURED ACCESS TO NETWORK RESOURCES | 2007 | | RU2439692C2 |
INFRASTRUCTURE FOR VERIFYING BIOMETRIC ACCOUNT DATA | 2007 | | RU2434340C2 |
SYSTEM AND METHOD OF AUTOMATIC DEPLOYMENT OF THE ENCRYPTION SYSTEM FOR USERS WHO PREVIOUSLY WORKED ON PC | 2013 | | RU2618684C2 |
SYSTEMS AND METHODS FOR PROTECTING NETWORK DEVICES | 2015 | | RU2675055C2 |
STABLE AUTHORISATION CONTEXT BASED ON EXTERNAL IDENTIFICATION | 2008 | | RU2390838C2 |
METHOD AND SYSTEM FOR PREVENTING UNAUTHORIZED ACCESS TO CORPORATE NETWORK OBJECTS | 2022 | | RU2799117C1 |
STABLE AUTHORISATION CONTEXT BASED ON EXTERNAL IDENTIFICATION | 2003 | | RU2337399C2 |
EXPANSION OF USER COMPARISON INFORMATION FOR PROTOCOLS | 2006 | | RU2411668C2 |
SYSTEM AND METHOD FOR VERIFYING PUBLIC KEY CERTIFICATE TO COUNTERACT "MAN-IN-MIDDLE" ATTACKS | 2012 | | RU2514138C1 |
Authors
Dates
2024-11-26—Published
2024-03-05—Filed