🆕Delegation
Resource Based Constrained Delegation (RBCD) and
RBCD
If you have an object with the msDS-AllowedToActOnBehalfOfOtherIdentity
attribute set to an account you control you can use the impersonate flag inside NetExec to automatically execute the Resource Based Constrained Delegation and impersonate any user:
S4U2Self
If you have a computer account you can (nearly) always get local administrator with the s4u2self extension:
Resources:
Last updated