Skip to content

Hide Navigation Hide TOC

Potential CVE-2021-42287 Exploitation Attempt (e80a0fee-1a62-4419-b31e-0d0db6e6013a)

The attacker creates a computer object using those permissions with a password known to her. After that she clears the attribute ServicePrincipalName on the computer object. Because she created the object (CREATOR OWNER), she gets granted additional permissions and can do many changes to the object.

Cluster A Galaxy A Cluster B Galaxy B Level
Kerberoasting - T1558.003 (f2877f7f-9a4c-4251-879f-1224e3006bee) Attack Pattern Potential CVE-2021-42287 Exploitation Attempt (e80a0fee-1a62-4419-b31e-0d0db6e6013a) Sigma-Rules 1
Steal or Forge Kerberos Tickets - T1558 (3fc01293-ef5e-41c6-86ce-61f10706b64a) Attack Pattern Kerberoasting - T1558.003 (f2877f7f-9a4c-4251-879f-1224e3006bee) Attack Pattern 2