Trusts

Quick Reference Attack Requirement Tool Cross-domain Kerberoasting Valid low-priv creds in child domain GetUserSPNs.py Cross-domain AS-REP Roasting Valid low-priv creds in child domain GetNPUsers.py SID History Injection (parent-child) Domain Admin in child domain, child krbtgt hash ticketer.py Cross-domain DCSync Replication rights or DA in target domain secretsdump.py One-way inbound trust abuse DA in trusted domain, inter-realm key ticketer.py (silver), getST.py One-way outbound trust abuse DA in trusting domain, TDO GUID secretsdump.py, getTGT.py Cross-forest Kerberoasting Bidirectional forest trust, valid creds GetUserSPNs.py Golden ticket cross-domain Child krbtgt hash + parent domain SID ticketer.py BloodHound trust mapping Valid creds, network access to DC bloodhound-python Trust Concepts Trust Types A Trust is a relationship between two domains that allows security principals in one domain to authenticate to resources in another. Trust information is stored in Active Directory as Trusted Domain Objects (TDOs) under CN=System. ...

Quick Reference Attack Requirement Tool Cross-domain Kerberoast Valid domain user in child Rubeus Parent-Child escalation krbtgt hash of child Mimikatz / Rubeus Diamond Ticket cross-domain krbtgt AES256 + DA creds Rubeus One-way inbound abuse DCSync TDO object Mimikatz One-way outbound abuse DCSync TDO GUID Mimikatz Cross-forest Kerberoast Trust configured Rubeus Trust Concepts Trust Types Type Value Description DOWNLEVEL 1 Windows NT 4.0-style trust UPLEVEL 2 Active Directory (Kerberos-based) trust MIT 3 Non-Windows Kerberos realm DCE 4 Theoretical, not used in practice Parent-Child Trust — A two-way, transitive trust automatically created when a new domain is added to an existing tree. The child domain and parent domain mutually authenticate via Kerberos. ...