RELAYING KERBEROS OVER SMB USING KRBRELAYX
Although NTLM relay is often possible within an Active Directory domain, some servers may refuse NTLM authentication. Shortly after investigating this, one of our experts encountered a scenario where the ADCS IIS HTTP server only allowed #Kerberos authentication. This technique was therefore used to compromise the domain.
Breakdown for Slavs: HABR
#1N73LL1G3NC3