Security Stuff
  • About
  • HackTheBox
    • Windows
      • Forest
      • Escape
      • Timelapse
      • Support
    • Linux
      • TwoMillion
      • Soccer
      • Pollution
      • Pilgrimage
      • Sandworm
  • Windows
    • Authentication
      • Overview
      • Logon
      • Kerberos
      • Credential
    • Active Directory
      • Domain Service
        • LDAP
        • AD Objects
      • Key Distribution Center
      • Certificate Service
    • Windows Protocols
      • SMB
    • Windows Server
      • MSSQL
    • Execution
      • Windows APIs
      • Remote Access
        • WinRM
    • Credential Access
      • Kerberos Ticket
        • Kerberoasting Attack
        • Golden/Silver Ticket Attack
        • AS-REP Roasting Attack
      • OS Credential Dumping
        • DCsync Attack
      • Certified Pre-Owned
  • Linux
    • Management
      • Package
    • Process
      • Namespace
      • Terminal
  • Web
    • Authentication
      • SAML
      • OAuth
    • Enumeration
  • Defense
    • Windows
      • Windows Event Logs
  • Development
    • Programming Language
    • Database
      • MySQL
    • Virtualization
      • Container
    • Cryptography
      • GnuPG
Powered by GitBook
On this page
  • Overview
  • Authentication Service (AS)
  • Ticket-Granting Service (TGS)
  • LSA
  • Account krbtgt
  • Password
  • KDC Related Attacks
  1. Windows
  2. Active Directory

Key Distribution Center

PreviousAD ObjectsNextCertificate Service

Last updated 1 year ago

Overview

The Key Distribution Center (KDC) is implemented as a domain service.

KDC uses the Active Directory as its and the Global Catalog for directing referrals to KDCs in other domains. The encryption key used in communicating with a user, computer, or service is stored as an attribute of the account object of that security principal.

Both Active Directory and KDC run as part of the LSA's process on a domain controller.

The KDC is a single process that provides two services: Authentication and Ticket-Granting service.

Authentication Service (AS)

Ticket-Granting Service (TGS)

LSA

Account krbtgt

Created automatically when a new domain is created.

Password

A random password value is assigned to the account automatically by the system during the creation of the domain.

The password for the KDC's account is used to derive a cryptographic key for encrypting and decrypting the TGTs that it issues.

Refer to .

KDC Related Attacks

This service issues (TGTs).

When clients want access to a computer, they contact the in the target computer's domain, present a TGT, and ask for a ticket to the computer.

Both Active Directory and KDC services are started automatically by the domain controller's (LSA) and run as part of the LSA's process.

The name used by the KDC in any domain.

Local Security Authority
Golden Ticket Attack
Key Distribution Center - Win32 appsMicrosoftLearn
Logo
security principal
account database
ticket-granting tickets
ticket-granting service