Shadow Credentials Attack Explained | Full Walkthrough with GenericWrite Over Admin

Автор: ruatelo

Загружено: 2025-12-14

Просмотров: 31

Описание:

In this video, I walk through how to perform a Shadow Credentials attack in Active Directory when we have GenericWrite or Write access over a target user, such as a Domain Admin.

This attack leverages the msDS-KeyCredentialLink attribute, which stores raw public keys used during PKINIT pre-authentication. If we can write to that attribute, we can add our own public key, generate a private key, and request a valid Kerberos TGT for that user — without knowing their password.

Resources:

SpecterOps Blog (Shadow Credentials Theory): https://specterops.io/blog/2021/06/17...

This video is for educational purposes only. Do not use these techniques outside of environments you control or are authorized to test.

#ShadowCredentials #ActiveDirectory #msDSKeyCredentialLink #PKINIT #PrivilegeEscalation #Kerberos #ADSecurity #RedTeam #PostExploitation #pywhisker #ADCS #ActiveDirectoryExploitation #CyberSecurity #Infosec #Certipy #SpecterOps #Pentesting #TGT #KeyTrust #DomainEscalation #ShadowCredentialAttack

Shadow Credentials Attack Explained | Full Walkthrough with GenericWrite Over Admin

Доступные форматы для скачивания:

Скачать видео mp4

Информация по загрузке:

Скачать аудио mp3

Похожие видео

Я в опасности

Constrained Delegation Attack Explained | Attacking & Defending Active Directory

Constrained Delegation Attack Explained | Attacking & Defending Active Directory

ESC1 in Action: Domain Admin in 2 Clicks Using Certipy | ADCS Privesc Series Part 1

ESC1 in Action: Domain Admin in 2 Clicks Using Certipy | ADCS Privesc Series Part 1

Код работает в 100 раз медленнее из-за ложного разделения ресурсов.

Код работает в 100 раз медленнее из-за ложного разделения ресурсов.

ESC9 Privilege Escalation| ADCS Attack Series

ESC9 Privilege Escalation| ADCS Attack Series

The Man Behind Google's AI Machine | Demis Hassabis Interview

The Man Behind Google's AI Machine | Demis Hassabis Interview

The Windows 11 Disaster That's Killing Microsoft

The Windows 11 Disaster That's Killing Microsoft

How to Escape Google Surveillance: Replace Every Service in 2 Weeks

How to Escape Google Surveillance: Replace Every Service in 2 Weeks

Installing & Using RustHound Collector | Better alternative to BloodHound Python?

Installing & Using RustHound Collector | Better alternative to BloodHound Python?

Microsoft begs for mercy

Microsoft begs for mercy

Part 3: ESC3 - ADCS privilege escalation when kerberos is not supported via certiifcates

Part 3: ESC3 - ADCS privilege escalation when kerberos is not supported via certiifcates

CO BY BYŁO GDYBY GRZEGORZ BRAUN PRZEJĄŁ WŁADZĘ W POLSCE? - HEARTS OF IRON 4

CO BY BYŁO GDYBY GRZEGORZ BRAUN PRZEJĄŁ WŁADZĘ W POLSCE? - HEARTS OF IRON 4

Ziemkiewicz: Niemcy już wymazali Polskę z mapy! Szokujące słowa o „sąsiedztwie” z Rosją

Ziemkiewicz: Niemcy już wymazali Polskę z mapy! Szokujące słowa o „sąsiedztwie” z Rosją

Bill Gates STUNNED as Windows 12 Faces MASSIVE Backlash Before Launch!

Bill Gates STUNNED as Windows 12 Faces MASSIVE Backlash Before Launch!

Zbrojenia Bez Hamulców: Pół Miliona Żołnierzy, Rekord Wydatków i „Bilet do Wojska” dla tysięcy

Zbrojenia Bez Hamulców: Pół Miliona Żołnierzy, Rekord Wydatków i „Bilet do Wojska” dla tysięcy

Claude Canvas превращает код Claude в визуальное терминальное приложение!

Claude Canvas превращает код Claude в визуальное терминальное приложение!

Can You Name What You're Looking For?

Can You Name What You're Looking For?

ESC8 - Relaying NTLM & Kerberos to ADCS Web Enrollment

ESC8 - Relaying NTLM & Kerberos to ADCS Web Enrollment

Be Careful with Your Delegations! Unconstrained Delegation Attack Walkthrough & Mitigation Advise

Be Careful with Your Delegations! Unconstrained Delegation Attack Walkthrough & Mitigation Advise

Mythic C2 - Installation | Mythic | Command and Control Series

Mythic C2 - Installation | Mythic | Command and Control Series