Detecting Unconstrained Delegation Exposures in AD Environment

Written by: Vikram Navali, Senior Technical Product Manager

Active Directory misconfigurations can lead to total domain compromise of an organization. Once an attacker gains a foothold on a compromised network, they can discover AD misconfigurations and use them to obtain higher-level privileges in the domain. A typical Kerberos authentication attack scenario originates from unconstrained delegation, where attackers identify the misconfiguration and steal authentication material such as password hashes, Kerberos tickets, and application access tokens. With that material, attackers can escalate to higher privileges and move laterally within an organization’s IT infrastructure to target high-value assets. This blog discusses what delegation is, how attackers exploit unconstrained delegation exposures, and what security measures every organization should implement to protect itself.
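Because the blog is about detecting this exposure, here is an added example (not the author's code) that performs the check a directory audit would: list every account whose userAccountControl carries the TRUSTED_FOR_DELEGATION bit, excluding domain controllers, which hold that bit by design. The directory entries are constructed sample data; the LDAP_FILTER constant is the equivalent query to run against a live directory with any LDAP client.

```python
"""Flag Active Directory accounts configured for unconstrained delegation.

Unconstrained delegation is the TRUSTED_FOR_DELEGATION bit (0x80000) in
userAccountControl. Domain controllers carry it by design, so the useful
review is every *other* account that has it: each one is a host where a
local administrator could read the TGTs that clients forward to it.
"""

TRUSTED_FOR_DELEGATION = 0x80000     # unconstrained delegation
SERVER_TRUST_ACCOUNT = 0x2000        # set on domain controller computer accounts
WORKSTATION_TRUST_ACCOUNT = 0x1000   # set on ordinary member computer accounts

# Same check as find_exposures(), expressed with the LDAP bitwise-AND
# matching rule (1.2.840.113556.1.4.803): flag set, DC flag not set.
LDAP_FILTER = (
    "(&(userAccountControl:1.2.840.113556.1.4.803:=524288)"
    "(!(userAccountControl:1.2.840.113556.1.4.803:=8192)))"
)


def is_unconstrained(uac: int) -> bool:
    return bool(uac & TRUSTED_FOR_DELEGATION)


def is_domain_controller(uac: int) -> bool:
    return bool(uac & SERVER_TRUST_ACCOUNT)


def find_exposures(entries):
    """Return (sAMAccountName, kind) for non-DC accounts with the flag set."""
    findings = []
    for entry in entries:
        uac = int(entry["userAccountControl"])
        if not is_unconstrained(uac) or is_domain_controller(uac):
            continue
        kind = "computer" if uac & WORKSTATION_TRUST_ACCOUNT else "user"
        findings.append((entry["sAMAccountName"], kind))
    return findings


# Constructed sample directory entries (hypothetical names, not real accounts).
SAMPLE_ENTRIES = [
    {"sAMAccountName": "DC01$", "userAccountControl": 0x82000},      # DC: expected
    {"sAMAccountName": "WEB01$", "userAccountControl": 0x81000},     # member server: exposure
    {"sAMAccountName": "WS05$", "userAccountControl": 0x1000},       # ordinary workstation
    {"sAMAccountName": "svc_legacy", "userAccountControl": 0x80200}, # user account: exposure
]

if __name__ == "__main__":
    for name, kind in find_exposures(SAMPLE_ENTRIES):
        print(f"unconstrained delegation on {kind} account {name}")
```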