Domain & Forest Trusts — From Kali

Mon, 01 Jan 0001 00:00:00 +0000

Quick Reference

Attack	Requirement	Tool
Cross-domain Kerberoasting	Valid low-priv creds in child domain	GetUserSPNs.py
Cross-domain AS-REP Roasting	Valid low-priv creds in child domain	GetNPUsers.py
SID History Injection (parent-child)	Domain Admin in child domain, child krbtgt hash	ticketer.py
Cross-domain DCSync	Replication rights or DA in target domain	secretsdump.py
One-way inbound trust abuse	DA in trusted domain, inter-realm key	ticketer.py (silver), getST.py
One-way outbound trust abuse	DA in trusting domain, TDO GUID	secretsdump.py, getTGT.py
Cross-forest Kerberoasting	Bidirectional forest trust, valid creds	GetUserSPNs.py
Golden ticket cross-domain	Child krbtgt hash + parent domain SID	ticketer.py
BloodHound trust mapping	Valid creds, network access to DC	bloodhound-python

Trust Concepts

Trust Types

A Trust is a relationship between two domains that allows security principals in one domain to authenticate to resources in another. Trust information is stored in Active Directory as Trusted Domain Objects (TDOs) under CN=System.

Domain & Forest Trusts — From Windows

Mon, 01 Jan 0001 00:00:00 +0000

Enumerating and exploiting Active Directory domain and forest trusts from a Windows foothold: SID history injection, golden ticket cross-domain, inter-realm key abuse.

Forest on MrAzoth

Domain & Forest Trusts — From Kali

Quick Reference

Trust Concepts

Trust Types

Domain & Forest Trusts — From Windows