This speech will introduce active directory architecture and present the current attackers’ novel attack on active directory delegation trust relationship, starting from Kerberoast (MITER ATT&CK™ Sub- technique T1558.003) and ASREProast to domain server Kerberos delegation relationship attacks such as 1. Unconstrained delegations (KUD), 2. Constrained delegations (KCD), 3. Resource-based constrained delegations (RBCD), attackers can use Kerberos delegation to Lateral movement and elevated privileges.

The attacker successfully connected the dots from a single host through the attack path and then pwned the domain to break through the current zero-trust architecture and evade the detection of the BLUE TEAM via Gold Tickets.

At the same time, share the hacker toolkit (such as Impacket). The implementation of red team drills in recent years let the audience understand how attackers break through layers of checkpoints, pwn the domain administrators. To remind Domain administrators must check the trust relationship attackers use to invade.