Abusing Constrained Kerberos Delegation



This is the 4th week in my course and I think I will be uploading 1 video a week with regard to different attack paths. This video is a bit different as I am explaining the steps of what I do, and how it all works out. For me, I think recording this and explaining the steps helps me understand it more, so hopefully I will do more of this in the future.

From an attacker's point of view, the flaw of constrained delegation is that you can access the service listed under msDS-AllowedToDelegateTo as ANY user. This is massive, as I demonstrate that I am able to impersonate a Domain Administrator.
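Seen from the defending side, the same property can be audited. The following is an added example, not code from this post or the video: it lists which accounts carry msDS-AllowedToDelegateTo and which privileged accounts remain delegatable. The account records are constructed sample data, and treating `adminCount=1` as the marker for a privileged account is an assumption of the example.

```python
# Added example: audit constrained delegation exposure from directory records.
# All records below are constructed sample data, not taken from a real domain.
NOT_DELEGATED = 0x100000                    # "Account is sensitive and cannot be delegated"
TRUSTED_TO_AUTH_FOR_DELEGATION = 0x1000000  # constrained delegation with protocol transition

ACCOUNTS = [  # attribute names follow the AD LDAP schema; values are constructed
    {"sAMAccountName": "svc-web", "userAccountControl": 0x200 | TRUSTED_TO_AUTH_FOR_DELEGATION,
     "msDS-AllowedToDelegateTo": ["cifs/fs01.corp.example", "cifs/fs01"], "adminCount": 0, "memberOf": []},
    {"sAMAccountName": "svc-report", "userAccountControl": 0x200,
     "msDS-AllowedToDelegateTo": ["MSSQLSvc/sql01.corp.example:1433"], "adminCount": 0, "memberOf": []},
    {"sAMAccountName": "da-alice", "userAccountControl": 0x200, "adminCount": 1,
     "memberOf": ["CN=Domain Admins,CN=Users,DC=corp,DC=example"]},
    {"sAMAccountName": "da-bob", "userAccountControl": 0x200 | NOT_DELEGATED, "adminCount": 1,
     "memberOf": ["CN=Domain Admins,CN=Users,DC=corp,DC=example"]},
    {"sAMAccountName": "da-carol", "userAccountControl": 0x200, "adminCount": 1,
     "memberOf": ["CN=Protected Users,CN=Users,DC=corp,DC=example"]},
]

def delegating_accounts(accounts):
    """Accounts with a non-empty msDS-AllowedToDelegateTo, with their target SPNs."""
    out = []
    for a in accounts:
        spns = a.get("msDS-AllowedToDelegateTo", [])
        if spns:
            out.append({"account": a["sAMAccountName"], "targets": sorted(spns),
                        "protocol_transition": bool(a["userAccountControl"] & TRUSTED_TO_AUTH_FOR_DELEGATION)})
    return out

def delegatable_privileged(accounts):
    """Privileged accounts (assumed: adminCount=1) that a delegating service can still impersonate."""
    exposed = []
    for a in accounts:
        if a.get("adminCount") != 1:
            continue
        flagged = a["userAccountControl"] & NOT_DELEGATED
        protected = any(dn.upper().startswith("CN=PROTECTED USERS,") for dn in a.get("memberOf", []))
        if not flagged and not protected:
            exposed.append(a["sAMAccountName"])
    return exposed

def report(accounts):
    return {"delegators": delegating_accounts(accounts), "exposed_admins": delegatable_privileged(accounts)}

if __name__ == "__main__":
    import json
    print(json.dumps(report(ACCOUNTS), indent=2))
```

Accounts returned in `exposed_admins` are the ones to mark "Account is sensitive and cannot be delegated" or add to Protected Users; each entry in `delegators` is a service account whose compromise reaches its listed targets.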

Click on this link to view the video