THREATOPS
THREAT OPSThreat News › Exploring cross-domain & cross-forest RBCD

Exploring cross-domain & cross-forest RBCD

lowsynacktiv

The Resource-based Constrained Delegation (RBCD) attack is well-known from pentesters and attackers: by editing the msDS-AllowedToActOnBehalfOfOtherIdentity attribute of a machine account, an attacker can impersonate users on said machine. Even though this attack mechanism has been thorougly documented on a single domain, and can be performed with Impacket or Rubeus, only a few resources mention i

Original source: https://www.synacktiv.com/en/publications/exploring-cross-domain-cross-forest-rbcd.html