ADCS + PetitPotal NTLM Relay

Already explained pretty well in these both articles :

LogoADCS + PetitPotam NTLM Relay: Obtaining krbtgt Hash with Domain Controller Machine Certificate | Red Team Noteswww.ired.team
https://blog.truesec.com/2021/08/05/from-stranger-to-da-using-petitpotam-to-ntlm-relay-to-active-directory/blog.truesec.com

PreviousASREPRoastNextPost-Compromise Enumeration

Last updated

Was this helpful?