Archives

2023

• 02 Aug S4UTomato - Escalate Service Account To LocalSystem via Kerberos
• 29 Jul Revisiting a UAC Bypass By Abusing Kerberos Tickets
• 09 Jul How to Forge a Kerberos Ticket by Yourself
• 06 Jul Creating Windows Access Tokens With God Privilege
• 28 Feb Pass The Certificate when PKINIT Padata Type is NOSUPP
• 18 Jan Revisiting a Credential Guard Bypass From Wdigest

2022

• 27 May Privilege Escalation - Exploiting RBCD Using a User Account
• 21 May PetitPotato - How Do I Escalate To SYSTEM Via Named Pipe
• 19 May Domain Escalation - Certifried combined with KrbRelay
• 12 May Certifried - Active Directory 域权限提升漏洞（CVE-2022–26923）
• 02 May Privilege Escalation - NTLM Relay over HTTP (Webdav)
• 27 Apr Shadow Credentials
• 26 Apr 使用 MITM6 通过 DNS 中继 Kerberos 身份验证
• 26 Mar 使用 MITM6 中继 WPAD 身份验证
• 15 Mar Attack Surface Mining For AD CS
• 12 Mar Abusing Domain Delegation to Attack Active Directory