Source |
CSO |
Identifier |
5162520 |
Publication date |
2022-06-15 02:00:00 (seen: 2022-06-15 10:05:15) |
Title |
How to mitigate Active Directory attacks that use the KrbRelayUp toolset |
Text |
Those of you with on-premises Active Directory (AD) need to be aware of a new way to abuse Kerberos in your network. KrbRelayUp is a bundle of tools that streamlines the use of some features in Rubeus, KrbRelay, SCMUACBypass, PowerMad/SharpMad, Whisker, and ADCSPwn. Attackers use the toolset to impersonate an administrator via resource-based constrained delegation and execute code on a device's system account. Pure Azure AD environments are safe from this attack, but hybrid AD networks with both on-premises AD and Azure AD will be at risk. If an attacker compromises an Azure virtual machine that is synchronized with on-premises Active Directory, the attacker will gain system privileges on the virtual machine and be able to make more advances inside the network. |
Sent |
Yes |
Tags |
Tool
|