Secu Profile picture
Offensive Security at @TelefonicaTech | Author of Kraken | Co-author of Mística
Jun 10, 2023 4 tweets 2 min read
Did you know that it is possible to elevate privileges with SeImpersonate in an ADCS environment? It is an alternative to *Potato that you can use in your Red Team operations. And you can do it all with Kraken! #redteam #webshell

You can read about this technique explained in… twitter.com/i/web/status/1… Image First, you must obtain a delegation TGT, you can do it with Rubeus (previous image).

Then you convert the Ticket in KIRBI format to CCACHE. You can use ticketConverter from Impacket: Image