Resource Based Constrained Delegation
Tags
| attack-pattern: | Credentials - T1589.001 Domain Properties - T1590.001 Powershell - T1059.001 Python - T1059.006 Tool - T1588.002 Powershell - T1086 |
Common Information
| Type | Value |
|---|---|
| UUID | abb516a1-1aa4-4bd8-b62d-58a83b6d1fb8 |
| Fingerprint | f218595123a13fc1 |
| Analysis status | DONE |
| Considered CTI value | 0 |
| Text language | |
| Published | Oct. 18, 2021, 8:15 a.m. |
| Added to db | Jan. 18, 2023, 7:58 p.m. |
| Last updated | Nov. 17, 2024, 11:40 p.m. |
| Headline | Resource Based Constrained Delegation |
| Title | Resource Based Constrained Delegation |
| Detected Hints/Tags/Attributes | 49/1/47 |
Source URLs
| Redirection | Url | |
|---|---|---|
| Details | Source | http://pentestlab.blog/2021/10/18/resource-based-constrained-delegation/ |
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 8 | addcomputer.py |
|
| Details | Domain | 23 | ntlmrelayx.py |
|
| Details | Domain | 3 | rbcd.py |
|
| Details | Domain | 13 | getst.py |
|
| Details | Domain | 4 | ticketconverter.py |
|
| Details | Domain | 49 | wmiexec.py |
|
| Details | Domain | 37 | psexec.py |
|
| Details | Domain | 5 | shenaniganslabs.io |
|
| Details | Domain | 11 | dirkjanm.io |
|
| Details | Domain | 11 | www.harmj0y.net |
|
| Details | Domain | 1 | chryzsh.github.io |
|
| Details | Domain | 1 | blog.redxorblue.com |
|
| Details | Domain | 4128 | github.com |
|
| Details | Domain | 219 | gist.github.com |
|
| Details | 1 | purple.lab/administrator@hive.purple.lab |
||
| Details | File | 3 | standin.exe |
|
| Details | File | 1 | webclient.exe |
|
| Details | File | 8 | addcomputer.py |
|
| Details | File | 1 | powermad.ps |
|
| Details | File | 22 | ntlmrelayx.py |
|
| Details | File | 1 | pentestlab.jpg |
|
| Details | File | 1 | change-lockscreen.exe |
|
| Details | File | 3 | rbcd.py |
|
| Details | File | 29 | rubeus.exe |
|
| Details | File | 12 | getst.py |
|
| Details | File | 4 | ticketconverter.py |
|
| Details | File | 45 | wmiexec.py |
|
| Details | File | 34 | psexec.py |
|
| Details | File | 5 | wagging-the-dog.html |
|
| Details | File | 1 | lock-screen-lpe.html |
|
| Details | File | 1 | no-shells-required-using-impacket-to.html |
|
| Details | Github username | 5 | kevin-robertson |
|
| Details | Github username | 1 | 3xocyte |
|
| Details | Github username | 33 | nccgroup |
|
| Details | md5 | 1 | 4ea8e15332e5008581febdb502d0139c |
|
| Details | sha256 | 1 | 7500360427b701852bb84b58ed03ed31a7ea618b2bf5ee83b24d3005b20125ba |
|
| Details | IPv4 | 97 | 10.0.0.1 |
|
| Details | Url | 4 | https://shenaniganslabs.io/2019/01/28/wagging-the-dog.html |
|
| Details | Url | 1 | https://shenaniganslabs.io/2019/08/08/lock-screen-lpe.html |
|
| Details | Url | 2 | https://dirkjanm.io/worst-of-both-worlds-ntlm-relaying-and-kerberos-delegation |
|
| Details | Url | 1 | http://www.harmj0y.net/blog/activedirectory/a-case-study-in-wagging-the-dog-computer-takeover |
|
| Details | Url | 1 | https://chryzsh.github.io/relaying-delegation |
|
| Details | Url | 1 | https://research.nccgroup.com/2019/08/20/kerberos-resource-based-constrained-delegation-when-an-image-change-leads-to-a-privilege-escalation |
|
| Details | Url | 1 | http://blog.redxorblue.com/2019/12/no-shells-required-using-impacket-to.html |
|
| Details | Url | 4 | https://github.com/kevin-robertson/powermad |
|
| Details | Url | 1 | https://gist.github.com/3xocyte/4ea8e15332e5008581febdb502d0139c |
|
| Details | Url | 1 | https://github.com/nccgroup/change-lockscreen |