SensePost | Blog | Kerberos

Protected Users: you thought you were safe uh?

Reading time: ~10 min

Posted by aurelien.chalot@orangecyberdefense.com on 31 March 2023

Categories: Kerberos, Ntlm, Windows, Delegation, Protected users

On the 31st of October 2022, a PR on CrackMapExec from Thomas Seigneuret (@Zblurx) was merged. This PR fixed Kerberos...

CertPotato – Using ADCS to privesc from virtual and network service accounts to local system

Reading time: ~14 min

Posted by Hocine Mahtout on 04 November 2022

Categories: Adcs, Kerberos, Rubeus, Windows, Certipy

The goal of this blog post is to present a privilege escalation I found while working on ADCS. We will...

Constrained Delegation Considerations for Lateral Movement

Reading time: ~18 min

Posted by Sergio Lazaro on 18 May 2022

Categories: Active directory, Internals, Kerberos

The abuse of constrained delegation configuration, whereby a compromised domain user or computer account configured with constrained delegation can be...

Our Blog

Protected Users: you thought you were safe uh?

CertPotato – Using ADCS to privesc from virtual and network service accounts to local system

Constrained Delegation Considerations for Lateral Movement