CRTP (Certified Red Team Professional)

5 min readJan 12, 2024


kerberos attacks(persistence):

  • custom SSP(security support provider)
  • AdminSDHolder with ACL
  • Rights Abuse
  • Security Descriptors

custom SSP(security support provider):-

it’s a dll that allows the application to obtain an authenticated connection.

SSP packeges:-

  • NTLM
  • Kerberos
  • Wdigest
  • CredSSP

Mimikatz provides SSP that logs local logons service account and machine accounts passwords in clear text.

AdminSDHolder with ACL:-

used to control permissions for protected groups and it’s in system container.

Rights Abuse:-

Lab manual Learning Object 12:-

End of Learning Object 12

Security Descriptors:-


Powershell Remoting:-

Remote Registry:-

Lab manual Learning Object 13:-

End of Learning Object 13

Privilege Escalation//:

  • kerberoast
  • Targeted kerberoasting -As-REPs
  • Targeted kerberoasting -Set SPN
  • Kerberos Delegation
  • Unauthorized Delegation
  • Constrained Delegation


Lab manual Learning Object 14:-

End of Learning Object 14

Targeted kerberoasting -As-REPs:-

Targeted kerberoasting -Set SPN:-

Kerberos Delegation:-

Unauthorized Delegation:-

Printer Bug:-


Lab manual Learning Object 15:-

End of Learning Object 15

Constrained Delegation:-

Protocol Transition:-

Lab manual Learning Object 16:-

End of Learning Object 16

Resource based Constrained Delegation:-

Lab manual Learning Object 17:-

End of Learning Object 17

End of module3

Created On 12ed, January 2024

Edited on 12ed, January 2024