Abuse Info
Windows
Step 1: Create .exe version of Certipy. Install PyInstaller on a host with python installed, clone down Certipy from GitHub, and run this cmdlet from the root of the GitHub repo to bundle the python project into an .exe binary which can be used on Windows computer where Python is not installed:- Shadow Credentials attack (see AddKeyCredentialLink edge documentation).
- Password reset (see ForceChangePassword edge documentation).
- Targeted Kerberoasting (see WriteSPN edge documentation).
Linux
Step 1: Set UPN of victim to targeted principal’s sAMAccountName followed by @ and the domain name. Set the UPN of the victim principal using Certipy:- Shadow Credentials attack (see AddKeyCredentialLink edge documentation).
- Password reset (see ForceChangePassword edge documentation).
- Targeted Kerberoasting (see WriteSPN edge documentation).
Edge Schema
Source: User, Group, ComputerDestination: Domain
Traversable: Yes