Further reading
These resources for further study will help you dive deeper into the attacks covered in the chapter:
- A good walk-through of WebDAV abuse and a further attack path: https://pentestlab.blog/2021/10/20/lateral-movement-webclient/
- A great writeup with traffic samples and event IDs generated during AS-REP roasting: https://rioasmara.com/2020/07/04/kerberoasting-as-req-pre-auth-vs-non-pre-auth/
- A blog post with a focus on detecting and preventing AS-REP roasting: https://blog.netwrix.com/2022/11/03/cracking_ad_password_with_as_rep_roasting/
- A step-by-step guide on how to implement and abuse gMSA in the domain: https://www.dsinternals.com/en/retrieving-cleartext-gmsa-passwords-from-active-directory/
- A blog post about NTLM relay for gMSA passwords published by Cube0x0: https://cube0x0.github.io/Relaying-for-gMSA/
