RSS Feed

Credential Delegation

Created: 10.06.2023

Imagine, I have keys to my place. I also have a friend, and I want this friend to take care of my cat when I am out of town. I can make a copy of my keys and give them to my friend. What I did is called delegating the access credentials.


This protocol is used on Windows machines when utilising batch scripts.

⚔️ Attacks

  1. MiM (when the creds are sent either from the user 🤣 to server 🥸 or from the server 🥸 to another server 👨🏻).
  2. 🛠️ Mimikatz and similar tools that retrieve creds from RAM and cache.
  3. User 🤣, server 🥸 or service 👨🏻 compromise.

🛡️ Defense

So, long story short, don’t use CredSSP (which is a default behaviour for batch scripts). Use PowerShell (Kerberos protocol under the hood).


Expand… Something here