Do you want to disable RC4 in your domain?
You definitely should!
Good news: Microsoft has updated Kerberos auditing (Event ID 4768 & 4769) to make it much easier to track encryption usage.
Why does this matter?
You can now quickly identify accounts that still rely on RC4 and might break if you enforce AES.
What's new in the event logs?
✅ MSDS-SupportedEncryptionTypes
✅ Available Keys
✅ Advertised Etypes
✅ Session Encryption Type
✅ Pre-Authentication Encryption Type
Next Steps:
1️⃣ Start collecting these events in your SIEM/logging system.
2️⃣ Identify accounts that don't support AES.
3️⃣ Plan your RC4 phase-out safely.
Thank you Jerry Devore for sharing the news. Make sure to check out Jerry's blog: Active Directory Hardening Series - Part 4 – Enforcing AES for Kerberos
Are you already tracking this? Drop a comment if you need help!
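One way to do step 2 over exported 4768/4769 records, as an added example that is not part of the original post or Microsoft's tooling. The record keys reuse the field labels listed above; the `EventID` and `Account` keys, the function names and the value formats (hex bitmask, comma-separated key names, hex etype) are assumptions about how your export looks.

```python
# Added example: flag accounts whose 4768/4769 events show RC4 dependence.
# Field labels come from the post; value formats are assumed, not documented here.
RC4_ETYPES = {0x17, 0x18}   # Kerberos etypes: RC4-HMAC, RC4-HMAC-EXP
AES_BITS = 0x8 | 0x10       # msDS-SupportedEncryptionTypes: AES128 | AES256


def parse_hex(value):
    """Parse '0x17' or '0x1C (RC4, AES)' to int; None if absent or not hex."""
    try:
        return int(str(value).split()[0], 16)
    except (ValueError, IndexError):
        return None


def rc4_findings(event):
    """Return the reasons one event suggests the account still relies on RC4."""
    reasons = []
    if parse_hex(event.get("Session Encryption Type")) in RC4_ETYPES:
        reasons.append("session key issued with RC4")
    if parse_hex(event.get("Pre-Authentication Encryption Type")) in RC4_ETYPES:
        reasons.append("pre-authentication used RC4")
    supported = parse_hex(event.get("MSDS-SupportedEncryptionTypes"))
    # 0 / unset means the domain default applies, so it is not flagged here.
    if supported and not supported & AES_BITS:
        reasons.append("msDS-SupportedEncryptionTypes has no AES bit")
    keys = event.get("Available Keys")
    if keys is not None and "AES" not in keys.upper():
        reasons.append("no AES key available")
    return reasons


def accounts_at_risk(events):
    """Map account -> sorted unique reasons, considering 4768/4769 only."""
    report = {}
    for ev in events:
        if ev.get("EventID") in (4768, 4769) and (found := rc4_findings(ev)):
            report.setdefault(ev.get("Account", "?"), set()).update(found)
    return {acct: sorted(r) for acct, r in report.items()}


# Constructed sample records (not real log data).
SAMPLE = [
    {"EventID": 4768, "Account": "alice", "MSDS-SupportedEncryptionTypes": "0x18",
     "Available Keys": "AES-SHA1, RC4", "Session Encryption Type": "0x12",
     "Pre-Authentication Encryption Type": "0x12"},
    {"EventID": 4769, "Account": "svc-legacy", "MSDS-SupportedEncryptionTypes": "0x4",
     "Available Keys": "RC4", "Session Encryption Type": "0x17"},
    {"EventID": 4624, "Account": "bob", "Session Encryption Type": "0x17"},
]

if __name__ == "__main__":
    for account, reasons in accounts_at_risk(SAMPLE).items():
        print(account, "->", "; ".join(reasons))
```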