Pentester's Promiscuous Notebook
Twitter
GitHub
Blog
Sponsor
Search
⌃
K
Links
README
⚒️ Pentest
C2
Infrastructure
AD
ACL Abuse
AD CS Abuse
ADIDNS Abuse
Attack Trusts
Attack RODCs
AV / EDR Evasion
Authentication Coercion
Credentials Harvesting
Discovery
DnsAdmins
Dominance
GPO Abuse
Kerberos
Delegation Abuse
Constrained
Resource-based Constrained
Unconstrained
Kerberos Relay
Roasting
Key Credentials Abuse
LAPS
Lateral Movement
LDAP
NTLM
Password Spraying
Post Exploitation
Pre-created Computers Abuse
PrivExchange
Privileges Abuse
RID Cycling
SCCM / MECM Abuse
SMB
RPC
Token Manipulation
User Hunt
WSUS
Zerologon
DevOps
DBMS
Authentication Brute Force
File Transfer
IPMI
Kiosk Breakout
Low-Hanging Fruits
LPE
Networks
NFS
Persistence
Pivoting
Post Exploitation
SNMP
SSH
TFTP
VNC
Misc
OSINT
Password Brute Force
Perimeter
Shells
Web
Wi-Fi
⚔️ Red Team
Basics
Cobalt Strike
Infrastructure
Malware Development
SE
⚙️ Admin
Git
Linux
Networking
Virtualization
Windows
Powered By
GitBook
Delegation Abuse
https://www.guidepointsecurity.com/blog/delegating-like-a-boss-abusing-kerberos-delegation-in-active-directory/
https://www.thehacker.recipes/ad-ds/movement/kerberos/delegations#theory
https://youtu.be/byykEId3FUs?t=2619
https://luemmelsec.github.io/S4fuckMe2selfAndUAndU2proxy-A-low-dive-into-Kerberos-delegations/
https://unit42.paloaltonetworks.com/next-gen-kerberos-attacks/
https://github.com/ShutdownRepo/The-Hacker-Recipes/raw/master/.gitbook/assets/Insomnihack%202022%20-%20Delegating%20Kerberos%20To%20Bypass%20Kerberos%20Delegation%20Limitations.pdf
CVE-2022-33679
https://googleprojectzero.blogspot.com/2022/10/rc4-is-still-considered-harmful.html
https://github.com/Bdenneu/CVE-2022-33679
Last modified
8mo ago
