Silver-ticket

We enumerate LDAP, HTTP, and SMB (with smbclient), then Kerberoast, authenticate as sqlsvc, and prepare a silver ticket attack. After converting the SID to its string form, we create the ticket and authenticate to get a shell with pwsh. With a foothold established, we get root with a deserialization attack.