THREAT OPS › Threat News › Exploring cross-domain & cross-forest RBCD
Exploring cross-domain & cross-forest RBCD
The Resource-based Constrained Delegation (RBCD) attack is well-known from pentesters and attackers: by editing the msDS-AllowedToActOnBehalfOfOtherIdentity attribute of a machine account, an attacker can impersonate users on said machine. Even though this attack mechanism has been thorougly documented on a single domain, and can be performed with Impacket or Rubeus, only a few resources mention i