Abusing Resource-based Constrained Delegation 101
I recently collaborated with Will Schroeder (@harmj0y) to weaponise resource-based constrained delegation to abuse ACLs to take over computer objects in Active Directory.
Will wrote an excellent post about it, which I highly recommend reading: https://www.harmj0y.net/blog/redteaming/another-word-on-delegation/
We later took it up a notch and abused it to the extreme. I will publish the details on 28/01/2019 or as soon as MSRC clears it.