cybersecurity Glossary

What is KRBTGT?

KRBTGT is a default account that exists in all domains of an Active Directory. Its purpose is to act as a KDC (Key Distribution Centre) service account for domain controllers.

When a user wishes to authenticate through Kerberos, they first obtain a TGT ticket which is signed with a key derived from the password of the KRBTGT account. This feature makes this account a critical element, as knowledge of its password would allow a malicious actor to forge arbitrary tickets, better known as Golden Tickets

Here are some technical articles on cybersecurity related to KRBTG that have been published on Tarlogic’s website.