diff --git a/examples/GetUserSPNs.py b/examples/GetUserSPNs.py
index 56a37d4e77..2633a5bab7 100755
--- a/examples/GetUserSPNs.py
+++ b/examples/GetUserSPNs.py
@@ -227,7 +227,7 @@ def outputTGS(self, ticket, oldSessionKey, sessionKey, username, spn, fd=None):
             ccache = CCache()
             try:
                 ccache.fromTGS(ticket, oldSessionKey, sessionKey)
-                ccache.saveFile('%s.ccache' % username)
+                ccache.saveFile('%s.ccache' % username, chmod=0o600)
             except Exception as e:
                 logging.error(str(e))
 
diff --git a/examples/getST.py b/examples/getST.py
index 377a0f5b1a..295eab8aa9 100755
--- a/examples/getST.py
+++ b/examples/getST.py
@@ -170,7 +170,7 @@ def saveTicket(self, ticket, sessionKey):
                 service = "%s/%s@%s" % (service_class, service_hostname, service_realm)
             self.__saveFileName += "@" + service.replace("/", "_")
         logging.info('Saving ticket in %s' % (self.__saveFileName + '.ccache'))
-        ccache.saveFile(self.__saveFileName + '.ccache')
+        ccache.saveFile(self.__saveFileName + '.ccache', chmod=0o600)
 
     def doS4U2ProxyWithAdditionalTicket(self, tgt, cipher, oldSessionKey, sessionKey, nthash, aesKey, kdcHost, additional_ticket_path):
         if not os.path.isfile(additional_ticket_path):
diff --git a/examples/getTGT.py b/examples/getTGT.py
index 4601adfe06..8d1415131f 100755
--- a/examples/getTGT.py
+++ b/examples/getTGT.py
@@ -54,7 +54,7 @@ def saveTicket(self, ticket, sessionKey):
         ccache = CCache()
 
         ccache.fromTGT(ticket, sessionKey, sessionKey)
-        ccache.saveFile(self.__user + '.ccache')
+        ccache.saveFile(self.__user + '.ccache', chmod=0o600)
 
     def run(self):
         userName = Principal(self.__user, type=options.principalType.value)
diff --git a/examples/goldenPac.py b/examples/goldenPac.py
index 045d87c016..9e6e71145a 100755
--- a/examples/goldenPac.py
+++ b/examples/goldenPac.py
@@ -1009,7 +1009,7 @@ def exploit(self):
                         from impacket.krb5.ccache import CCache
                         ccache = CCache()
                         ccache.fromTGS(tgs, oldSessionKey, sessionKey)
-                        ccache.saveFile(self.__writeTGT)
+                        ccache.saveFile(self.__writeTGT, chmod=0o600)
                     break
             if exception is None:
                 # Success!
diff --git a/examples/raiseChild.py b/examples/raiseChild.py
index 13c2fd7f53..bedbc8d970 100755
--- a/examples/raiseChild.py
+++ b/examples/raiseChild.py
@@ -1233,7 +1233,7 @@ def exploit(self):
             from impacket.krb5.ccache import CCache
             ccache = CCache()
             ccache.fromTGT(parentTGT['KDC_REP'], parentTGT['oldSessionKey'], parentTGT['sessionKey'])
-            ccache.saveFile(self.__writeTGT)
+            ccache.saveFile(self.__writeTGT, chmod=0o600)
 
         # 8) If target was specified, a PSEXEC shell is launched
         if self.__target is not None:
diff --git a/examples/ticketConverter.py b/examples/ticketConverter.py
index 5359cb3de3..fd5daaf7ba 100755
--- a/examples/ticketConverter.py
+++ b/examples/ticketConverter.py
@@ -72,7 +72,7 @@ def is_ccache_file(filename):
 
 def convert_kirbi_to_ccache(input_filename, output_filename):
     ccache = CCache.loadKirbiFile(input_filename)
-    ccache.saveFile(output_filename)
+    ccache.saveFile(output_filename, chmod=0o600)
 
 
 def convert_ccache_to_kirbi(input_filename, output_filename):
diff --git a/examples/ticketer.py b/examples/ticketer.py
index 487bb592eb..3c3c7e7b09 100755
--- a/examples/ticketer.py
+++ b/examples/ticketer.py
@@ -1092,7 +1092,7 @@ def saveTicket(self, ticket, sessionKey):
             ccache.fromTGT(ticket, sessionKey, sessionKey)
         else:
             ccache.fromTGS(ticket, sessionKey, sessionKey)
-        ccache.saveFile(self.__target.replace('/','.') + '.ccache')
+        ccache.saveFile(self.__target.replace('/','.') + '.ccache', chmod=0o600)
 
     def run(self):
         ticket, adIfRelevant = self.createBasicTicket()
diff --git a/impacket/krb5/ccache.py b/impacket/krb5/ccache.py
index c3d460663d..532f7b5c1a 100644
--- a/impacket/krb5/ccache.py
+++ b/impacket/krb5/ccache.py
@@ -590,10 +590,12 @@ def loadFile(cls, fileName):
         except FileNotFoundError as e:
             raise e
 
-    def saveFile(self, fileName):
+    def saveFile(self, fileName, chmod=None):
         f = open(fileName, 'wb+')
         f.write(self.getData())
         f.close()
+        if chmod is not None:
+            os.chmod(fileName, chmod)
 
     @classmethod
     def parseFile(cls, domain='', username='', target=''):
diff --git a/impacket/krb5/keytab.py b/impacket/krb5/keytab.py
index 353a3157a1..e378119223 100644
--- a/impacket/krb5/keytab.py
+++ b/impacket/krb5/keytab.py
@@ -22,12 +22,14 @@
 from enum import Enum
 from six import b
 
-from struct import pack, unpack, calcsize
+from struct import unpack
 from binascii import hexlify
 
 from impacket.structure import Structure
 from impacket import LOG
 
+import os
+
 
 class Enctype(Enum):
     DES_CRC = 1
@@ -281,10 +283,12 @@ def loadKeysFromKeytab(cls, fileName, username, domain, options):
             LOG.warning("No matching key for SPN '%s' in given keytab found!", username)
 
 
-    def saveFile(self, fileName):
+    def saveFile(self, fileName, chmod=0o600):
         f = open(fileName, 'wb+')
         f.write(self.getData())
         f.close()
+        if chmod is not None:
+            os.chmod(fileName, chmod)
 
     def prettyPrint(self):
         print("Keytab Entries:")