Dictionary/brute-force attack against "kerberized" IIS service accounts without triggering account lockout

Posted by Ben Lincoln (F7EFC8C9 – FD) on Dec 19

Not sure if this is old news by now, but I haven’t seen it mentioned
anywhere.

I was writing some walkthroughs for the alpha version of Mimikatz 2.0,
and realized that since the “Silver Ticket” functionality involves one
of the Windows Kerberos ticket encryption keys being the NTLM hash of
the account which receives the Kerberos ticket, it’s possible to use it
to check passwords for IIS application pool service accounts…
