Kerberos Delegations & S4U Attacks
For my first blog post, I will dive into an essential subject of the Kerberos protocol: the delegation of privileges. Delegation can take multiple forms: unconstrained, constrained, and resource-based constrained delegation.

Kerberos Double-hop Issue

Why bother with delegation in the first place? To understand why, we need to look at this example: consider an internal web application available to employees. This web application needs to access data from the backend database; it's the basic flow of a web application. ...