📃
Internal Pentest
CtrlK
  • Internal pentest
    • Active Directory
      • Core Concepts
      • Reconnaissance
      • Initial attack vectors
        • LLMNR/NBT-NS Poisoning
        • IPv6 Attacks
        • ASREPRoast
        • ADCS + PetitPotal NTLM Relay
      • Post-Compromise Enumeration
      • Post-Compromise Attacks
      • MISC
  • Cloud pentesting
    • Microsoft AZURE
    • AWS
Powered by GitBook
On this page

Was this helpful?

  1. Internal pentest
  2. Active Directory
  3. Initial attack vectors

ADCS + PetitPotal NTLM Relay

Already explained pretty well in these both articles :

LogoADCS + PetitPotam NTLM Relay: Obtaining krbtgt Hash with Domain Controller Machine Certificate | Red Team Noteswww.ired.team
https://blog.truesec.com/2021/08/05/from-stranger-to-da-using-petitpotam-to-ntlm-relay-to-active-directory/blog.truesec.com

PreviousASREPRoastNextPost-Compromise Enumeration

Last updated 4 years ago

Was this helpful?