Active Directory
Research Areasβ
Kerberos Abuse
Ticket attacks, constrained delegation, unconstrained delegation, and SPN abuse.
ACL Exploitation
GenericAll, WriteDACL, WriteOwner, inheritance abuse, and privilege escalation paths.
AD CS
ESC1βESC8 certificate abuse, NTLM relay chains, and certificate impersonation.
Shadow Credentials
msDS-KeyCredentialLink abuse, PKINIT authentication, and stealth persistence.
Common Vulnerabilitiesβ
| Technique | Description |
|---|---|
| Kerberoasting | Service ticket extraction and offline cracking |
| AS-REP Roasting | Cracking users without Kerberos pre-authentication |
| RBCD | Resource-based constrained delegation abuse |
| DCSync | Replication rights abuse for credential extraction |
| Shadow Credentials | Certificate-based persistence and authentication |
| ACL Abuse | Privilege escalation through object permissions |