More information from Microsoft about Secure Boot!

20 April 2026 at 03:42
PATCH WATCH By Susan Bradley One of my complaints on behalf of consumers is that information about the new security certificates for Secure Boot has been vague — nearly hidden. Unless you are an AskWoody reader, you might not even be aware that there is an issue with Secure Boot certificates — not to mention […]

MS-DEFCON 4: Outlook leads the pack in patching issues

24 March 2026 at 03:45
ISSUE 23.12.1 • 2026-03-24 By Susan Bradley This month has been relatively quiet for Microsoft Windows updates. Sure, there are the occasional “won’t install the update” situations that are usually fixed with a repair install over the top. I’ve become tired of seeing them. And there were two out-of-band updates for Windows 11 Enterprise 25H2, […]

Taming the risk of NTLM

9 February 2026 at 03:45
ISSUE 23.06 • 2026-02-09 ON SECURITY By Susan Bradley Windows in business does one thing really well. It connects computers together to allow users to share information. A key to sharing is authentication. Windows has used a protocol called the New Technology LAN Manager (NTLM). Its very name is now something of an oxymoron: it […]

Abusing Delegation with Impacket (Part 3): Resource-Based Constrained Delegation

By: BHIS
26 November 2025 at 09:00

This is the third in a three-part series of blog posts discussing how to abuse Kerberos delegation! If you haven't already, feel free to read the first blog post, as they discuss the Kerberos authentication process and how delegation plays an important role in solving the double-hop problem, and how to abuse unconstrained delegation.

The post Abusing Delegation with Impacket (Part 3): Resource-Based Constrained Delegation appeared first on Black Hills Information Security, Inc.

Abusing Delegation with Impacket (Part 2): Constrained Delegation

By: BHIS
12 November 2025 at 09:00

This is the second in a three-part series of blog posts discussing how to abuse Kerberos delegation! If you haven't already, feel free to read the first blog post, as it discusses the Kerberos authentication process and how delegation plays an important role in solving the double-hop problem.

The post Abusing Delegation with Impacket (Part 2): Constrained Delegation appeared first on Black Hills Information Security, Inc.

Abusing Delegation with Impacket (Part 1): Unconstrained Delegation

By: BHIS
5 November 2025 at 09:00

In Active Directory exploitation, Kerberos delegation is easily among my top favorite vectors of abuse, and in the years I’ve been learning Kerberos exploitation, I’ve noticed that Impacket doesn’t get nearly as much coverage as tools like Rubeus or Mimikatz.

The post Abusing Delegation with Impacket (Part 1): Unconstrained Delegation appeared first on Black Hills Information Security, Inc.

Abusing S4U2Self for Active Directory Pivoting

By: BHIS
11 June 2025 at 10:00

TL;DR If you only have access to a valid machine hash, you can leverage the Kerberos S4U2Self proxy for local privilege escalation, which allows reopening and expanding potential local-to-domain pivoting paths, such as SEImpersonate!

The post Abusing S4U2Self for Active Directory Pivoting appeared first on Black Hills Information Security, Inc.

Webcast: Kerberos & Attacks 101

By: BHIS
26 May 2020 at 10:02

Join the BHIS Discord discussion server: https://discord.gg/aHHh3u5 We’re really excited to have a close member of our BHIS extended family, Tim Medin from Red Siege InfoSec, here for a webcast […]

The post Webcast: Kerberos & Attacks 101 appeared first on Black Hills Information Security, Inc.

A Toast to Kerberoast

By: BHIS
8 May 2017 at 12:55

Derek Banks // This post will walk through a technique to remotely run a Kerberoast attack over an established Meterpreter session to an Internet-based Ubuntu 16.04 C2 server and crack […]

The post A Toast to Kerberoast appeared first on Black Hills Information Security, Inc.