Do you know the main threat actor types? Most attackers fall into one of four categories, each with their own favored tactics, techniques, and procedures.
Kerberos pre-authentication failed.
Security ID: DOMAIN\jdoe
Account Name: jdoe
Service Name: krbtgt/DOMAIN
Client Address: ::ffff:x.x.x.x
Client Port: 64566
Ticket Options: 0x40810010
Failure Code: 0x18
Pre-Authentication Type: 2
Certificate Issuer Name:
Certificate Serial Number:
Certificate information is only provided if a certificate was used for pre-authentication.
Pre-authentication types, ticket options and failure codes are defined in RFC 4120.
If the ticket was malformed or damaged during transit and could not be decrypted, then many fields in this event might not be present.
Join the community of 500,000 technology professionals and ask your questions.
Connect with top rated Experts
16 Experts available now in Live!