How to Abuse Resource-Based Constrained Delegation to Gain Unauthorized Access
Tags
| attack-pattern: | Credentials - T1589.001 Powershell - T1059.001 Python - T1059.006 Server - T1583.004 Server - T1584.004 Tool - T1588.002 Powershell - T1086 Sudo - T1169 |
Common Information
| Type | Value |
|---|---|
| UUID | 6e39b179-80df-4ad8-87a2-d78b5c62ba6f |
| Fingerprint | d0985d5105e1afe4 |
| Analysis status | DONE |
| Considered CTI value | -2 |
| Text language | |
| Published | May 17, 2023, 7:56 p.m. |
| Added to db | May 17, 2023, 10:18 p.m. |
| Last updated | Nov. 9, 2024, 10:02 p.m. |
| Headline | How to Abuse Resource-Based Constrained Delegation to Gain Unauthorized Access |
| Title | How to Abuse Resource-Based Constrained Delegation to Gain Unauthorized Access |
| Detected Hints/Tags/Attributes | 50/1/30 |
Source URLs
URL Provider
RSS Feed
| Details | Id | Enabled | Feed title | Url | Added to db |
|---|---|---|---|---|---|
| Details | 167 | ✔ | Cybersecurity on Medium | https://medium.com/feed/tag/cybersecurity | 2024-08-30 22:08 |
| Details | 168 | ✔ | Infosec on Medium | https://medium.com/feed/tag/infosec | 2024-08-30 22:08 |
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 1 | dc.support |
|
| Details | Domain | 4 | ticketconverter.py |
|
| Details | Domain | 1 | ticketconvert.py |
|
| Details | Domain | 37 | psexec.py |
|
| Details | Domain | 8 | addcomputer.py |
|
| Details | Domain | 3 | rbcd.py |
|
| Details | Domain | 13 | getst.py |
|
| Details | Domain | 1 | snovvcrash.rocks |
|
| Details | Domain | 7 | www.alteredsecurity.com |
|
| Details | Domain | 1 | vulndev.io |
|
| Details | 1 | support.htb/administrator@dc.support.htb |
||
| Details | File | 1 | powermad.ps1 |
|
| Details | File | 32 | powerview.ps1 |
|
| Details | File | 4 | accesscontrol.raw |
|
| Details | File | 1 | sd.bin |
|
| Details | File | 29 | rubeus.exe |
|
| Details | File | 4 | ticketconverter.py |
|
| Details | File | 1 | ticketconvert.py |
|
| Details | File | 34 | psexec.py |
|
| Details | File | 3 | standin.exe |
|
| Details | File | 8 | addcomputer.py |
|
| Details | File | 3 | rbcd.py |
|
| Details | File | 12 | getst.py |
|
| Details | File | 1 | htb-hades.html |
|
| Details | md5 | 1 | FFCE0C45C18CFDBB3EC16289A9D704DA |
|
| Details | IPv4 | 1 | 10.10.11.174 |
|
| Details | Url | 1 | https://snovvcrash.rocks/2020/12/28/htb-hades.html |
|
| Details | Url | 1 | https://www.ired.team/offensive-security-experiments/active-directory-kerberos-abuse/resource-based-constrained-delegation-ad-computer-object-take-over-and-privilged-code-execution |
|
| Details | Url | 1 | https://www.alteredsecurity.com/post/resource-based-constrained-delegation-rbcd |
|
| Details | Url | 1 | https://vulndev.io/2022/08/27/resource-based-constrained-delegation-resourced-pg-practice |