All the details for CVE-2020-17049 are now available! The overview contains a summary of the vulnerability and its exploit, including links to 2 deep dive posts which cover much more. blog.netspi.com/cve-2020-170…
The follow-up "Theory" post explains the vulnerability from start to finish. If you've wanted to brush up on your Kerberos and Delegation knowledge, here's a great place to dive in: blog.netspi.com/cve-2020-170…
The final "Practical Exploitation" post covers when and how to use the exploit in practice. It covers example attack scenarios and the commands you'll need: blog.netspi.com/cve-2020-170…
I'm excited to share that CVE-2020-17049 has been issued for a vulnerability that I found. There are more details to come, but I'll be holding off publishing for now while the patchwork is still ongoing. msrc.microsoft.com/update-gu…