Security Stuff
  • About
  • HackTheBox
    • Windows
      • Forest
      • Escape
      • Timelapse
      • Support
    • Linux
      • TwoMillion
      • Soccer
      • Pollution
      • Pilgrimage
      • Sandworm
  • Windows
    • Authentication
      • Overview
      • Logon
      • Kerberos
      • Credential
    • Active Directory
      • Domain Service
        • LDAP
        • AD Objects
      • Key Distribution Center
      • Certificate Service
    • Windows Protocols
      • SMB
    • Windows Server
      • MSSQL
    • Execution
      • Windows APIs
      • Remote Access
        • WinRM
    • Credential Access
      • Kerberos Ticket
        • Kerberoasting Attack
        • Golden/Silver Ticket Attack
        • AS-REP Roasting Attack
      • OS Credential Dumping
        • DCsync Attack
      • Certified Pre-Owned
  • Linux
    • Management
      • Package
    • Process
      • Namespace
      • Terminal
  • Web
    • Authentication
      • SAML
      • OAuth
    • Enumeration
  • Defense
    • Windows
      • Windows Event Logs
  • Development
    • Programming Language
    • Database
      • MySQL
    • Virtualization
      • Container
    • Cryptography
      • GnuPG
Powered by GitBook
On this page
  • Overview
  • Authentication Service (AS)
  • Ticket-Granting Service (TGS)
  • LSA
  • Account krbtgt
  • Password
  • KDC Related Attacks
  1. Windows
  2. Active Directory

Key Distribution Center

PreviousAD ObjectsNextCertificate Service

Last updated 1 year ago

Overview

The Key Distribution Center (KDC) is implemented as a domain service.

KDC uses the Active Directory as its account database and the Global Catalog for directing referrals to KDCs in other domains. The encryption key used in communicating with a user, computer, or service is stored as an attribute of the account object of that security principal.

Both Active Directory and KDC run as part of the LSA's process on a domain controller.

The KDC is a single process that provides two services: Authentication and Ticket-Granting service.

Authentication Service (AS)

This service issues ticket-granting tickets (TGTs).

Ticket-Granting Service (TGS)

When clients want access to a computer, they contact the ticket-granting service in the target computer's domain, present a TGT, and ask for a ticket to the computer.

LSA

Both Active Directory and KDC services are started automatically by the domain controller's Local Security Authority (LSA) and run as part of the LSA's process.

Account krbtgt

The security principal name used by the KDC in any domain.

Created automatically when a new domain is created.

Password

A random password value is assigned to the account automatically by the system during the creation of the domain.

The password for the KDC's account is used to derive a cryptographic key for encrypting and decrypting the TGTs that it issues.

Refer to .

KDC Related Attacks

  • Golden Ticket Attack

LogoKey Distribution Center - Win32 appsMicrosoftLearn