Advanced Domain Attacks

Trust abuse escalates compromise across domain and forest boundaries. Misconfigurations in trust relationships enable authentication flow manipulation. SID history injection, forged inter-realm tickets, and trust ticket attacks breach security boundaries. Understanding trust types and authentication flows reveals exploitation opportunities in complex multi-domain environments.

Resource-Based Constrained Delegation (RBCD) provides privilege escalation through delegation misconfigurations. Computers with delegation rights impersonate users to access resources. Modifying msDS-AllowedToActOnBehalfOfOtherIdentity enables computer account takeover. Combined with computer account creation rights, RBCD provides paths from unprivileged users to domain compromise.
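
A defender's view of the path just described, as an added example that is not part of the original page: it correlates writes to msDS-AllowedToActOnBehalfOfOtherIdentity (Security event 5136) with a computer account creation (event 4741) by the same account. The simplified record layout, the account and host names, and the `approved_writers` parameter are constructed for illustration.

```python
from datetime import datetime, timedelta

RBCD_ATTR = "msDS-AllowedToActOnBehalfOfOtherIdentity"

# Constructed sample records (not real logs): a simplified view of Security
# events 4741 (computer account created) and 5136 (directory object modified).
EVENTS = [
    {"id": 4741, "time": "2024-05-01T09:00:00", "subject": "jdoe",
     "target": "DESKTOP-NEW1$"},
    {"id": 5136, "time": "2024-05-01T09:04:30", "subject": "jdoe",
     "object_dn": "CN=FILESRV01,OU=Servers,DC=corp,DC=example",
     "attribute": RBCD_ATTR},
    {"id": 5136, "time": "2024-05-01T10:00:00", "subject": "svc-deploy",
     "object_dn": "CN=WEB01,OU=Servers,DC=corp,DC=example",
     "attribute": RBCD_ATTR},
    {"id": 5136, "time": "2024-05-01T11:00:00", "subject": "jdoe",
     "object_dn": "CN=FILESRV01,OU=Servers,DC=corp,DC=example",
     "attribute": "description"},
]

def find_rbcd_changes(events, approved_writers=(), window=timedelta(hours=24)):
    """Return one finding per RBCD attribute write by an unapproved account.

    Severity is "high" when the same account also created a computer account
    within `window` before the write, otherwise "medium".
    """
    approved = {a.lower() for a in approved_writers}
    created = {}  # subject -> list of (creation time, computer account name)
    findings = []
    # ISO 8601 timestamps in one format sort correctly as strings.
    for ev in sorted(events, key=lambda e: e["time"]):
        when = datetime.fromisoformat(ev["time"])
        who = ev["subject"].lower()
        if ev["id"] == 4741:
            created.setdefault(who, []).append((when, ev["target"]))
        elif ev["id"] == 5136 and ev.get("attribute", "").lower() == RBCD_ATTR.lower():
            if who in approved:
                continue  # expected delegation management, e.g. a deployment account
            recent = [name for t, name in created.get(who, [])
                      if timedelta(0) <= when - t <= window]
            findings.append({"time": ev["time"], "subject": ev["subject"],
                             "object_dn": ev["object_dn"], "new_computers": recent,
                             "severity": "high" if recent else "medium"})
    return findings

if __name__ == "__main__":
    for finding in find_rbcd_changes(EVENTS, approved_writers=["svc-deploy"]):
        print(finding)
```

Event 5136 is only logged when Directory Service Changes auditing is enabled and the modified object has a matching SACL, so confirm both before relying on this correlation.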

ADCS (Active Directory Certificate Services) attacks exploit PKI implementations for authentication bypass and persistence. Vulnerable certificate templates allow certificates to be requested for arbitrary users, including domain administrators. These certificates provide persistent authentication that survives password changes. Tools like Certify and Rubeus automate ADCS enumeration and exploitation.

Group Policy abuse weaponizes central management for domain-wide compromise. Modifying GPOs affecting domain controllers or privileged users achieves widespread impact. Scheduled task deployment, script execution, or security setting modifications provide code execution. GPO permissions often receive less scrutiny than direct AD permissions, creating exploitation opportunities.