Using Kerberos for Authentication Relay Attacks
https://googleprojectzero.blogspot.com/2021/10/using-kerberos-for-authentication-relay.html
#kerberos #relay
Posted by James Forshaw, Project Zero This blog post is a summary of some research I've been doing into relaying Kerberos authentica...
pyKerbrute
Use Python to quickly brute force and enumerate valid Active Directory accounts through Kerberos Pre-Authentication (supports Pass-the-Hash)
https://github.com/3gstudent/pyKerbrute
#ad #kerberos #spray
How Windows Stops Kerberos Usernames Being Case Sensitive
https://vbscrub.com/2021/11/29/how-windows-stops-kerberos-usernames-being-case-sensitive/
#kerberos #pre_auth #aes_salt
Downgrading Kerberos Encryption & Why It Doesn’t Work In Server 2019
How we make Kerberos tickets use weaker encryption, the "TGT delegation trick", and why none of it works if the domain controllers are Windows Server 2019.
https://vbscrub.com/2021/12/04/downgrading-kerberos-encryption-amp-why-it-doesnt-work-in-server-2019/
#kerberos #windows2019 #pentest
ADenum
ADenum is a pentesting tool that finds misconfigurations through the LDAP protocol and exploits some of those weaknesses with Kerberos.
https://github.com/SecuProject/ADenum
#ad #ldap #kerberos #enumeration #tools
KrbRelay
The only public tool for relaying Kerberos tickets and the only relaying framework written in C#.
https://github.com/cube0x0/KrbRelay
#ad #kerberos #relay
Relaying Kerberos over DNS using krbrelayx and mitm6
New method of gaining RCE on AD hosts in the same VLAN without credentials or needing NTLM, by abusing Kerberos, DNS and Active Directory Certificate Services.
https://dirkjanm.io/relaying-kerberos-over-dns-with-krbrelayx-and-mitm6/
#ad #kerberos #relay #mitm6
APT
NTLMRelay2Self over HTTP
Just a walkthrough of how to escalate privileges locally by forcing the system you landed initial access on to reflectively authenticate over HTTP to itself and forward the received connection to an HTTP listener (ntlmrelayx) configured…
🛡️Defending the Three Headed Relay
This blog discusses possible attack paths and various protections associated with Kerberos Relay activity.
https://jsecurity101.medium.com/defending-the-three-headed-relay-17e1d6b6a339
#ad #kerberos #relay #mitigation #blueteam
APT
KrbRelayUp
Universal no-fix local privilege escalation in Windows domain environments where LDAP signing is not enforced (the default settings)
https://github.com/Dec0ne/KrbRelayUp
#ad #privesc #kerberos #ldap #relay
⚙️ No-Fix LPE Using KrbRelay with Shadow Credentials
This article will explain how to separate the shadow credential method that KrbRelayUp uses into multiple different steps, giving you a bit more control regarding how each piece executes. For example, we can reflectively load some pieces, and execute others normally
https://icyguider.github.io/2022/05/19/NoFix-LPE-Using-KrbRelay-With-Shadow-Credentials.html
#ad #privesc #kerberos #relay