Domain persistence
In this section, we will discuss various ways to achieve domain-level persistence. These techniques require high privileges equivalent to Domain Administrator. The most obvious way to achieve persistence in the target environment is to create and/or add compromised user or computer accounts to a highly privileged group. However, we will focus on more sophisticated techniques. Also, we will not discuss Group Policy abuse and targeted Kerberoasting from a persistence perspective, as the exploitation will be exactly the same as the examples from Chapter 6, only with a focus on privileged accounts. In the following techniques, we will rely either on privileged but rarely changed credential material (for example, the hash of a krbtgt account) or on attributes and ACL manipulations.
Forged tickets
We will start our journey with forged tickets – the types, their creation, their usage, and OpSec recommendations on how to stay under the radar. One important theoretical...
