2021-06-11 14:58:14
"Active Directory forest trusts part 2 - Trust transitivity and finding a trust bypass" by @_dirkjan.
Detailed description of CVE-2020-0665, a logic flaw that allowed bypassing the SID filtering mechanism, leading to the compromise of hosts in transitively trusted forests.
Contents:
• Some important points
• Forging inter-realm tickets and Wireshark debugging
• Do you need to use inter-realm tickets?
• Which keys do I need for inter-realm tickets
• Debugging Kerberos the easy way
• Trust transitivity
• Trust transitivity - new domain discovery
• Trust transitivity, adding our own SIDs to the trust
• How many domains are there in a domain?
• Do you trust this domain? [Y/n]
• Designing a new forest trust attack
• Executing the forest trust bypass
• Obtaining the local SID
• Becoming a domain
• Executing the chain
• Disclosure and patch notes
https://dirkjanm.io/active-directory-forest-trusts-part-two-trust-transitivity/