all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

KRBUACBypass - UAC Bypass By Abusing Kerberos Tickets

Add to bookmarks
Aug. 2, 2023, 12:30 p.m. | noreply@blogger.com (Unknown)

KitPloit - PenTest Tools! www.kitploit.com


This POC is inspired by James Forshaw (@tiraniddo) shared at BlackHat USA 2022 titled “Taking Kerberos To The Next Level ” topic, he shared a Demo of abusing Kerberos tickets to achieve UAC bypass. By adding a KERB-AD-RESTRICTION-ENTRY to the service ticket, but filling in a fake MachineID, we can easily bypass UAC and gain SYSTEM privileges by accessing the SCM to create a system service. James Forshaw explained the rationale behind this in a blog post …

abusing blackhat bypass demo entry fake james kerberos poc redteam redteam tools service ticket tickets topic uac uac bypass usa

Visit resource

More from www.kitploit.com / KitPloit - PenTest Tools!

OSTE-Web-Log-Analyzer - Automate The Process Of Analyzing Web Server Logs With The Python Web Log … 17 hours ago | www.kitploit.com
attack detection lfi detection oste-web-log-analyzer rfi detection +1
ThievingFox - Remotely Retrieving Credentials From Password Managers And Windows Utilities 1 day, 17 hours ago | www.kitploit.com
ntlm post-exploitation powershell python +7
Galah - An LLM-powered Web Honeypot Using The OpenAI API 2 days, 17 hours ago | www.kitploit.com
galah golang llm openai api +3
CrimsonEDR - Simulate The Behavior Of AV/EDR For Malware Development Training 3 days, 17 hours ago | www.kitploit.com
amsi antivirus crimsonedr dll +5
Url-Status-Checker - Tool For Swiftly Checking The Status Of URLs 4 days, 12 hours ago | www.kitploit.com
bugbountyautomation bugbounty tools httpx infosys +2
CSAF - Cyber Security Awareness Framework 5 days, 17 hours ago | www.kitploit.com
csaf cybersecurity awareness linux socks5 +2
Espionage - A Linux Packet Sniffing Suite For Automated MiTM Attacks 6 days, 17 hours ago | www.kitploit.com
arp-spoofing cybersecurity networking packet capture +5
HackerInfo - Infromations Web Application Security 1 week ago | www.kitploit.com
hackerinfo python python3
C2-Tracker - Live Feed Of C2 Servers, Tools, And Botnets 1 week, 1 day ago | www.kitploit.com
c2-tracker cybersecurity infosec osint +7

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

Social Engineer For Reverse Engineering Exploit Study

@ Independent study | Remote
View on infosec-jobs.com

Senior Software Engineer, Security

@ Niantic | Zürich, Switzerland
View on infosec-jobs.com

Consultant expert en sécurité des systèmes industriels (H/F)

@ Devoteam | Levallois-Perret, France
View on infosec-jobs.com

Cybersecurity Analyst

@ Bally's | Providence, Rhode Island, United States
View on infosec-jobs.com

Digital Trust Cyber Defense Executive

@ KPMG India | Gurgaon, Haryana, India
View on infosec-jobs.com

Program Manager - Cybersecurity Assessment Services

@ TestPros | Remote (and DMV), DC
View on infosec-jobs.com
View more jobs