As part of the recent publication of Elad Shamir’s work on Kerberos delegation (“Wagging the Dog - Abusing Resource-Based Constrained Delegation to Attack Active Directory”), Alsid is publishing a series of blogposts deepening the uncovered new attack vectors and shedding a light on pragmatic solution for Blue Teams trying to measure the impact of this breakthrough on their Active Directory infrastructure.
Abusing S4U2Self: Another Sneaky Active Directory Persistence
Kerberos Resource-Based Constrained Delegation: a new control path
This article is part of a series that explore new ways to compromise an Active Directory. The series follows an outstanding paper published by Elad Shamir: “Wagging the Dog - Abusing Resource-Based Constrained Delegation to Attack Active Directory”.