The Cyber Threat Perspective
Step into the ever-evolving world of cybersecurity with the offensive security group from SecurIT360. We’re bringing you fresh content from our journeys into penetration testing, threat research and various other interesting topics.
brad@securit360.com
The Cyber Threat Perspective
Threat Intel Flash Briefing - Kerberos Relaying to Local SYSTEM
Use Left/Right to seek, Home/End to jump to start or end. Hold shift to jump forward or backward.
There exists a universal no-fix local privilege escalation in Windows domain environments where LDAP signing is not enforced (the default settings). Thanks to the research and open source tools of several researchers, it's now trivial to elevate to SYSTEM on most Windows Operating Systems.
Resources:
https://github.com/Dec0ne/KrbRelayUp
https://googleprojectzero.blogspot.com/2021/10/using-kerberos-for-authentication-relay.html
https://github.com/cube0x0/KrbRelay
https://github.com/Dec0ne/KrbRelayUp
Social:
https://twitter.com/cyberthreatpov
https://www.youtube.com/channel/UCCWmudG_CTNAFBaV48vIcfw
Blog: https://offsec.blog/
Youtube: https://www.youtube.com/@cyberthreatpov
Twitter: https://x.com/cyberthreatpov
Follow Spencer on social ⬇
Spencer's Links: https://spenceralessi.com
Work with Us: https://securit360.com | Find vulnerabilities that matter, learn about how we do internal pentesting here.
