THREATOPS
THREAT OPSThreat News › Bypassing Windows authentication reflection mitigations for SYSTEM shells - Part ②

Bypassing Windows authentication reflection mitigations for SYSTEM shells - Part ②

medsynacktiv

In part 1 of this blogpost series, we proved our initial theory that the patch for CVE-2025-33073 was insufficient, by disclosing a trivial NTLM reflection vulnerability leading to LPE.

In this second part, we turn to Kerberos and explain how we achieved a full-blown RCE primitive as a domain user, via a completely novel Kerberos authentication coercion technique that abuses discrepancies in how

MITRE ATT&CK techniques

Indicators of compromise

Original source: https://www.synacktiv.com/en/publications/bypassing-windows-authentication-reflection-mitigations-for-system-shells-part.html