Posted on
August 22, 2024
SeamlessPass: Leveraging Kerberos Tickets to Access the Cloud
Author: Abdulrahman Nour (Security Researcher at Malcrove) (Figure 5 - Using SeamlessPass to acquire access tokens using compromised user Ticket-Granting Ticket (TGT) TL;DR We have created SeamlessPass, a tool that utilizes Microsoft's Seamless SSO feature to acquire access tokens for Microsoft 365 services by leveraging on-premises Active Directory Kerberos tickets. SeamlessPass is particularly useful in red team scenarios where cleartext passwords are unavailable, but other forms of credentials, such as NTLM hashes or TGTs,...
Read Post