CRTP (Certified Red Team Professional)

HackingSkills
5 min readJan 12, 2024

{Session3}

kerberos attacks(persistence):

  • custom SSP(security support provider)
  • AdminSDHolder with ACL
  • Rights Abuse
  • Security Descriptors

custom SSP(security support provider):-

it’s a dll that allows the application to obtain an authenticated connection.

SSP packeges:-

  • NTLM
  • Kerberos
  • Wdigest
  • CredSSP

Mimikatz provides SSP that logs local logons service account and machine accounts passwords in clear text.

AdminSDHolder with ACL:-

used to control permissions for protected groups and it’s in system container.

Rights Abuse:-

Lab manual Learning Object 12:-

End of Learning Object 12

Security Descriptors:-

WMI:-

Powershell Remoting:-

Remote Registry:-

Lab manual Learning Object 13:-

End of Learning Object 13

Privilege Escalation//:

  • kerberoast
  • Targeted kerberoasting -As-REPs
  • Targeted kerberoasting -Set SPN
  • Kerberos Delegation
  • Unauthorized Delegation
  • Constrained Delegation

kerberoast:-

Lab manual Learning Object 14:-

End of Learning Object 14

Targeted kerberoasting -As-REPs:-

Targeted kerberoasting -Set SPN:-

Kerberos Delegation:-

Unauthorized Delegation:-

Printer Bug:-

Coercer:-

Lab manual Learning Object 15:-

End of Learning Object 15

Constrained Delegation:-

Protocol Transition:-

Lab manual Learning Object 16:-

End of Learning Object 16

Resource based Constrained Delegation:-

Lab manual Learning Object 17:-

End of Learning Object 17

End of module3

Created On 12ed, January 2024

Edited on 12ed, January 2024

--

--