NTLM | Christopher Keim

Security, Active Directory, Microsoft 365, PowerShell, and Windows Infrastructure

Duplicate SPN Active Directory: Finding and Fixing a Kerberos Security Vulnerability with PowerShell

Duplicate SPN Active Directory issues cause Kerberos authentication to fall back to NTLM, a weaker protocol vulnerable to relay attacks, pass-the-hash, and brute force cracking. Finding and removing duplicate SPNs is a straightforward fix that most environments overlook entirely. What is a Service Principal Name? Service principal names (SPN) is used by Kerberos to link a service to a service account. This allows a user to access a service without knowing the service account

Jun 30, 20222 min read

Home: Blog2

CHRISTOPHER KEIM

Duplicate SPN Active Directory: Finding and Fixing a Kerberos Security Vulnerability with PowerShell