Abusing Delegation with Impacket (Part 3): Resource-Based Constrained Delegation
Summary
This article is the third in a series exploring how to abuse Kerberos delegation. It focuses specifically on Resource-Based Constrained Delegation, building upon previous discussions of the Kerberos authentication process and unconstrained delegation.
IFF Assessment
FOE
The article details methods for abusing a specific Kerberos delegation feature, which represents a potential attack vector for defenders.
Defender Context
Understanding and defending against delegation abuses like Resource-Based Constrained Delegation is crucial for Active Directory security. Defenders should audit and restrict delegation settings, monitor for suspicious Kerberos ticket requests, and implement robust endpoint detection and response (EDR) solutions to identify and prevent exploitation attempts.