search

ADCS + PetitPotal NTLM Relay

Already explained pretty well in these both articles :

LogoADCS + PetitPotam NTLM Relay: Obtaining krbtgt Hash with Domain Controller Machine Certificate | Red Team Noteswww.ired.teamchevron-right
https://blog.truesec.com/2021/08/05/from-stranger-to-da-using-petitpotam-to-ntlm-relay-to-active-directory/blog.truesec.comchevron-right

PreviousASREPRoastNextPost-Compromise Enumeration

Last updated