The Cyber Threat Perspective

Threat Intel Flash Briefing - Kerberos Relaying to Local SYSTEM

April 27, 2022 Offensive Security - SecurIT360 Season 99 Episode 1
The Cyber Threat Perspective
Threat Intel Flash Briefing - Kerberos Relaying to Local SYSTEM
Show Notes

There exists a universal no-fix local privilege escalation in Windows domain environments where LDAP signing is not enforced (the default settings). Thanks to the research and open source tools of several researchers, it's now trivial to elevate to SYSTEM on most Windows Operating Systems.

Resources:
https://github.com/Dec0ne/KrbRelayUp
https://googleprojectzero.blogspot.com/2021/10/using-kerberos-for-authentication-relay.html
https://github.com/cube0x0/KrbRelay
https://github.com/Dec0ne/KrbRelayUp

Social:
https://twitter.com/cyberthreatpov
https://www.youtube.com/channel/UCCWmudG_CTNAFBaV48vIcfw