3. WHAT ARE TRUSTS?
• A trust is a relationship, which you establish between
domains, that makes it possible for users in one domain to
access shared resources in a different domain.
• A trust links up the authentication systems of two (or more)
domains and allows authentication traffic to flow between
them.
4. TRUST TYPES
TRUST TYPE      TRANSITIVITY                    DIRECTION
PARENT-CHILD    TRANSITIVE                      TWO-WAY
TREE-ROOT       TRANSITIVE                      TWO-WAY
SHORTCUT        TRANSITIVE                      ONE-WAY OR TWO-WAY
FOREST          TRANSITIVE                      ONE-WAY OR TWO-WAY
EXTERNAL        NON-TRANSITIVE                  ONE-WAY OR TWO-WAY
REALM           TRANSITIVE OR NON-TRANSITIVE    ONE-WAY OR TWO-WAY
11. Golden Ticket using SID History
Golden Tickets are forged Ticket Granting Tickets (TGTs), also called authentication
tickets.
Once the attacker has the KRBTGT password hash, he/she can generate a ticket
which can be used on any machine in the domain.
They are used to get valid TGS tickets from DCs in the AD forest and provide a great
method of persisting on a domain with access to everything.
ABUSE OF TRUSTS
15. Forging Inter Trust Tickets
• The well-known remediation for the golden ticket attack is changing
the password of the KRBTGT account twice.
• Even if the KRBTGT account’s password is changed, the inter-realm
trust keys aren’t rotated.
• A ticket forged with the inter-realm trust key can be used to
impersonate an Enterprise Admin and regain full domain/forest admin rights.
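The gap described above can be checked after an incident. The following is an added example, not part of the original slides: it flags a KRBTGT account that has not been reset twice and any inter-domain trust account whose key predates the incident. It assumes the account records were exported from the directory beforehand; the account names, dates and baseline key version number are constructed.

```python
from datetime import datetime, timedelta, timezone

UF_INTERDOMAIN_TRUST_ACCOUNT = 0x0800  # userAccountControl bit set on trust accounts
FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)

def from_filetime(ticks):
    """pwdLastSet is stored as 100 ns ticks since 1601-01-01 UTC."""
    return FILETIME_EPOCH + timedelta(microseconds=ticks // 10)

def to_filetime(dt):
    """Inverse of from_filetime, used here only to build the sample data."""
    return int((dt - FILETIME_EPOCH).total_seconds()) * 10_000_000

def stale_keys(accounts, incident, krbtgt_kvno_at_incident):
    """Map account name -> reason for every key not yet rotated as required."""
    findings = {}
    for acct in accounts:
        name = acct["sAMAccountName"]
        if name.lower() == "krbtgt":
            # Each password change raises msDS-KeyVersionNumber by one.
            resets = acct["msDS-KeyVersionNumber"] - krbtgt_kvno_at_incident
            if resets < 2:
                findings[name] = f"reset {resets} time(s) since incident, 2 required"
        elif acct["userAccountControl"] & UF_INTERDOMAIN_TRUST_ACCOUNT:
            changed = from_filetime(acct["pwdLastSet"])
            if changed <= incident:
                findings[name] = f"trust key last set {changed:%Y-%m-%d}, before incident"
    return findings

def _ft(month, day):
    return to_filetime(datetime(2024, month, day, tzinfo=timezone.utc))

# Constructed sample data: every name, date and number below is made up.
INCIDENT = datetime(2024, 3, 1, tzinfo=timezone.utc)
SAMPLE = [
    {"sAMAccountName": "krbtgt", "userAccountControl": 0x202,
     "pwdLastSet": _ft(3, 3), "msDS-KeyVersionNumber": 7},
    {"sAMAccountName": "CHILD$", "userAccountControl": 0x820, "pwdLastSet": _ft(2, 10)},
    {"sAMAccountName": "PARTNER$", "userAccountControl": 0x820, "pwdLastSet": _ft(3, 5)},
    {"sAMAccountName": "WS01$", "userAccountControl": 0x1000, "pwdLastSet": _ft(1, 1)},
]

if __name__ == "__main__":
    for name, reason in stale_keys(SAMPLE, INCIDENT, krbtgt_kvno_at_incident=5).items():
        print(f"{name}: {reason}")
```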
16. FOREST TRUSTS
• According to Microsoft, a forest is a security boundary, as
stated in the “What Are Domains and Forests?” document under
the section “Forests as Security Boundaries”.
• In 2018, Lee Christensen from SpecterOps discovered a bug
which is called the “Printer Bug”.
• By abusing the MS-RPRN protocol, administrators in one
forest can compromise resources in another forest with which it
shares a two-way inter-forest trust.