Last Password Change on KRBTGT account

high

Description

Each Active Directory domain has a crucial account called KRBTGT that safeguards the master secret for all other secrets in the domain, making it vital to protect this account at any expense.

Solution

Microsoft fully supports the special operation of changing the KRBTGT account password.

See Also

Kerberos & KRBTGT: Active Directory's Domain Kerberos Service Account

Reset the krbtgt account password/keys

KRBTGT Account Password Reset Scripts now available for customers

Indicator Details

Name: Last Password Change on KRBTGT account

Codename: C-KRBTGT-PASSWORD

Severity: High

MITRE ATT&CK Information:

Tactics: TA0003, TA0004

Techniques: T1078