Categories
Authentication Impacket

The Kerberos Key List Attack: The return of the Read Only Domain Controllers

Some time ago Microsoft released a new feature that allows SSO to on-premises resources using security keys. This brought with it the return of the Read Only Domain Controllers and a new credential gathering vector. Let’s take a look at The Kerberos Key List attack.