This edge indicates that the principal can modify the msDS-AllowedToActOnBehalfOfOtherIdentity property of the target. For the abuse scenario this property enables, see the AllowedToAct edge.
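To audit which principals hold this write access on an object, the following added example (not BloodHound's own code) parses the DACL of a security descriptor in SDDL form and lists the allow ACEs that permit writing the property. The schemaIDGUID constant, the function names and the sample descriptor are assumptions of this example; the sample SIDs and the second GUID are constructed.

```python
import re

# schemaIDGUID of msDS-AllowedToActOnBehalfOfOtherIdentity; confirm against your schema.
RBCD_ATTR_GUID = "3f78c3e5-f79a-46bd-a0b8-9d18116ddc79"
WRITE_PROPERTY = 0x20  # ADS_RIGHT_DS_WRITE_PROP, written "WP" in SDDL

def _pairs(codes):
    """Split a run of two-letter SDDL codes such as 'RPWP' or 'CIIO'."""
    return [codes[i:i + 2] for i in range(0, len(codes), 2)]

def _grants_write_property(rights):
    if rights.lower().startswith("0x"):      # rights may be given as a hex mask
        return bool(int(rights, 16) & WRITE_PROPERTY)
    return "WP" in _pairs(rights)

def rbcd_attribute_writers(sddl):
    """Return (trustee, scope) for each allow ACE that permits writing the attribute."""
    # Capture the run of ACEs after the "D:" marker; the run ends before any "S:" SACL.
    dacl = re.search(r"D:[A-Z]*((?:\([^()]*\))+)", sddl)
    findings = []
    for ace in re.findall(r"\(([^()]*)\)", dacl.group(1) if dacl else ""):
        fields = ace.split(";")
        if len(fields) < 6:
            continue
        ace_type, flags, rights, object_guid, _inherit_guid, trustee = fields[:6]
        if ace_type not in ("A", "OA"):      # allow ACEs only; deny ACEs are not evaluated
            continue
        if "IO" in _pairs(flags):            # inherit-only: not effective on this object
            continue
        if not _grants_write_property(rights):
            continue
        if object_guid == "":                # no object type: WP covers every property
            findings.append((trustee, "all-properties"))
        elif object_guid.lower() == RBCD_ATTR_GUID:
            findings.append((trustee, "attribute"))
    return findings

# Constructed descriptor for a computer object; SIDs and the 00000000-... GUID are made up.
SAMPLE_SDDL = (
    "O:DAG:DAD:AI"
    "(OA;;WP;3f78c3e5-f79a-46bd-a0b8-9d18116ddc79;;S-1-5-21-1111-2222-3333-1105)"
    "(OA;;RP;3f78c3e5-f79a-46bd-a0b8-9d18116ddc79;;S-1-5-21-1111-2222-3333-1106)"
    "(OA;CIIO;WP;3f78c3e5-f79a-46bd-a0b8-9d18116ddc79;;S-1-5-21-1111-2222-3333-1107)"
    "(OA;;WP;00000000-0000-0000-0000-000000000001;;S-1-5-21-1111-2222-3333-1108)"
    "(A;CIID;RPWP;;;DA)"
    "S:(AU;SA;WP;;;WD)"
)

if __name__ == "__main__":
    for trustee, scope in rbcd_attribute_writers(SAMPLE_SDDL):
        print(f"{trustee} can write msDS-AllowedToActOnBehalfOfOtherIdentity ({scope})")
```

Conditional ACEs and deny ACEs are not evaluated here, so treat the output as candidates to review rather than effective permissions.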
Abuse Info
See the AllowedToAct edge section for abuse info.
Opsec Considerations
See the AllowedToAct edge section for opsec considerations.
References
- https://eladshamir.com/2019/01/28/Wagging-the-Dog.html
- https://github.com/GhostPack/Rubeus#s4u
- https://gist.github.com/HarmJ0y/224dbfef83febdaf885a8451e40d52ff
- https://blog.harmj0y.net/redteaming/another-word-on-delegation/
- https://github.com/PowerShellMafia/PowerSploit/blob/dev/Recon/PowerView.ps1
- https://github.com/Kevin-Robertson/Powermad#new-machineaccount