Dirk-jan

Blog with context: https://dirkjanm.io/abusing-forgotten-permissions-on-precreated-computer-objects-in-active-directory/

Is ldap channel binding set to required? That may cause the issue when connecting over TLS

Interesting. I imagine this is a limitation of the ldap3 library since it doesn't support channel binding nor signing. I'd have to look if we can add it to that...

Seems likely that you'll need python 3.6+ to run it.

You may also need to follow the instructions in #6

Any specific Kerberos auth scenario you're looking for? Or just generic support for it to avoid using NTLM?

Thanks for thinking along with this :) Do you have an example of how and where this can be configured? Note that the weight is not constant for each ACL,...

Is there a useful scenario for this? When running from source you could easily adapt it to use SIMPLE auth instead of NTLM here: https://github.com/fox-it/BloodHound.py/blob/master/bloodhound/ad/authentication.py#L63 I don't think adding a...

I don't recall ever seeing this. If you need really need it in some cases I suggest making the small change to the source code mentioned above

hey Matthias, thanks, this does work pretty well for my problem, your proposed additions work and it can construct the asn1 properly. However it does not fix the reverse parsing...