krbrelayup – Computer Security Articles

Detecting and preventing privilege escalation attacks leveraging Kerberos relaying (KrbRelayUp)

May 28, 2022 admin cybersecurity, krbrelayup, microsoft defender for endpoint, microsoft defender for identity, Microsoft security intelligence, resource-based constrained delegation (rbcd)

Credit to Author: Microsoft 365 Defender Threat Intelligence Team| Date: Wed, 25 May 2022 21:00:00 +0000

The privilege escalation hacking tool KrbRelayUp is a wrapper that can streamline the use of some features in Rubeus, KrbRelay, SCMUACBypass, PowerMad/ SharpMad, Whisker, and ADCSPwn tools in attacks. Although this attack won’t function for Azure Active Directory (Azure AD) joined devices, hybrid joined devices with on-premises domain controllers remain vulnerable.

The post Detecting and preventing privilege escalation attacks leveraging Kerberos relaying (KrbRelayUp) appeared first on Microsoft Security Blog.