Kerberos Delegations & S4U Attacks
For my first blog post, I will dive into an essential subject of the Kerberos protocol: The delegation of privileges. The delegation can take multiple form: Unconstrained, constrained, and resource-based constrained delegation. Unconstrained Delegation Unconstrained Delegation was the first type of delegation of privilege available in Windows 2000, it has since been kept for backwards compatibility & interoperability reasons. I will quote a wonderful explanation of the unconstrained delegation made by Sean Metcalf in his post describing in details the protocol: ...