ADCS + PetitPotal NTLM Relay
Already explained pretty well in these both articles :
ADCS + PetitPotam NTLM Relay: Obtaining krbtgt Hash with Domain Controller Machine Certificate
Red Teaming Experiments
From Stranger to DA // Using PetitPotam to NTLM relay to Domain Administrato - Truesec
Truesec
​
Copy link