Sunday, June 26, 2022

Shadow Credentials: Abusing Key Trust Account Mapping for Takeover

The techniques for DACL-based attacks against User and Computer objects in Active Directory have been established for years. If we compromise an account that has delegated rights over a user account, we can simply reset their password, or, if we want to be less disruptive, we can set an SPN or disable Kerberos pre-authentication and try to roast the account. For computer accounts, it is a bit more complicated, but RBCD can get the job done.

These techniques have their shortcomings:

Resetting a…

Read More

Latest news
Related news