Skip to main content

Active Directory

Research Areas​

Kerberos Abuse

Ticket attacks, constrained delegation, unconstrained delegation, and SPN abuse.

ACL Exploitation

GenericAll, WriteDACL, WriteOwner, inheritance abuse, and privilege escalation paths.

AD CS

ESC1–ESC8 certificate abuse, NTLM relay chains, and certificate impersonation.

Shadow Credentials

msDS-KeyCredentialLink abuse, PKINIT authentication, and stealth persistence.

Common Vulnerabilities​

TechniqueDescription
KerberoastingService ticket extraction and offline cracking
AS-REP RoastingCracking users without Kerberos pre-authentication
RBCDResource-based constrained delegation abuse
DCSyncReplication rights abuse for credential extraction
Shadow CredentialsCertificate-based persistence and authentication
ACL AbusePrivilege escalation through object permissions