Security Memo

Search (Ctrl+K)

Recent Notes

SMART
Oct 22, 2024
- software
Bossa Nova
Oct 22, 2024
ZFS
Oct 22, 2024
post-rock
Oct 06, 2024
- concept
2024-09-27
Sep 27, 2024
- daily

See 1423 more sorted by tag →

❯

Kerberos attacks

Kerberos attacks

created Jan 08, 2024updated Jan 23, 20241 min read

moc
ttp/08-discovery
ttp/04-persistence
ttp/07-credential-access
ttp/09-lateral-movement

Kerberos enumeration (incomplete; actually just use the tag above instead of this link)

silver ticket (service hash required)
golden ticket (domain admin required)
skeleton key (domain admin required)

07-credential-access

Kerberoasting (a.k.a. TGS-REP roasting): crack TGS-REP to get service password
AS-REP roasting: crack AS-REP to get user password

09-lateral-movement

runas.exe: Run a command as another user using password
pass-the-ticket
overpass-the-hash
exploiting unconstrained delegation
exploiting constrained delegation
exploiting resource-based constrained delegation
alternate service name: constrained delegation can authenticate to other service names under the same service account on the allowlist
S4U2Self abuse: DC machine TGT = lateral movement to DC
shadow credentials attack

Graph View

Backlinks

Active Directory
CCDC
CyberPatriot nationals experience
Kerberos

Created with Quartz v4.2.3 © 2024

GitHub
LinkedIn
HackTheBox