
Credential Delegation

Created: 10.06.2023

Imagine I have keys to my place. I also have a friend, and I want this friend to take care of my cat when I am out of town. I can make a copy of my keys and give it to my friend. Handing over the keys like this is called delegating access credentials.

CredSSP

This protocol is used on Windows machines when utilising batch scripts.

⚔️ Attacks

  1. MitM (when the creds are sent either from the user 🤣 to the server 🥸 or from the server 🥸 to another server 👨🏻).
  2. 🛠️ Mimikatz and similar tools that retrieve creds from RAM and cache.
  3. User 🤣, server 🥸 or service 👨🏻 compromise.

🛡️ Defense

So, long story short, don’t use CredSSP (which is the default behaviour for batch scripts). Use PowerShell instead (Kerberos protocol under the hood).
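
An added example, not part of the original post: a PowerShell check for whether CredSSP is enabled for WinRM on a host, which turns it off where found and then remotes with Kerberos instead. The host name `srv01.example.test` is a placeholder, and the script assumes an elevated session with the WinRM service running.

```powershell
# Added example: audit and disable CredSSP for WinRM / PowerShell remoting.
# Assumes an elevated session and a running WinRM service (needed for the WSMan: drive).

function Get-CredSspState {
    # The WSMan: provider exposes the CredSSP switch for both roles as "true"/"false".
    $client  = (Get-Item -Path 'WSMan:\localhost\Client\Auth\CredSSP').Value
    $service = (Get-Item -Path 'WSMan:\localhost\Service\Auth\CredSSP').Value

    # "Allow delegating fresh credentials" policy: the SPNs this machine
    # is allowed to hand the user's credentials to.
    $policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\CredentialsDelegation\AllowFreshCredentials'
    $targets = @()
    if (Test-Path -Path $policyKey) {
        $key = Get-Item -Path $policyKey
        $targets = @($key.Property | ForEach-Object { $key.GetValue($_) })
    }

    [pscustomobject]@{
        ClientCredSsp     = [bool]::Parse($client)
        ServiceCredSsp    = [bool]::Parse($service)
        DelegationTargets = $targets
    }
}

$state = Get-CredSspState
$state | Format-List

# Turn CredSSP off for whichever role still has it enabled.
if ($state.ClientCredSsp)  { Disable-WSManCredSSP -Role Client }
if ($state.ServiceCredSsp) { Disable-WSManCredSSP -Role Server }

# Remote with Kerberos: the password never leaves the client, so there is
# nothing reusable for a tool like Mimikatz to pull from the server's memory.
# 'srv01.example.test' is a placeholder host name.
Invoke-Command -ComputerName 'srv01.example.test' -Authentication Kerberos -ScriptBlock {
    hostname
}
```

A non-empty `DelegationTargets` list shows which servers were trusted to receive delegated credentials, which is where to look first if one of them is later found compromised.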
