THREAT OPS › Threat News › Bypassing Windows authentication reflection mitigations for SYSTEM shells - Part ②
Bypassing Windows authentication reflection mitigations for SYSTEM shells - Part ②
In part 1 of this blogpost series, we proved our initial theory that the patch for CVE-2025-33073 was insufficient, by disclosing a trivial NTLM reflection vulnerability leading to LPE.
In this second part, we turn to Kerberos and explain how we achieved a full-blown RCE primitive as a domain user, via a completely novel Kerberos authentication coercion technique that abuses discrepancies in how
MITRE ATT&CK techniques
- VulnerabilitiesT1588.006
Indicators of compromise
- CVE-2025-33073cve