Todo

• smb relay (LA)
• relay to adcs

https://www.ired.team/offensive-security-experiments/active-directory-kerberos-abuse/adcs-+-petitpotam-ntlm-relay-obtaining-krbtgt-hash-with-domain-controller-machine-certificate

• esc8 classic

  • pkinit nthash

• petitpotam webclient

  https://twitter.com/tifkin_/status/1418855927575302144/photo/1

• krbrelayup

• https://gist.github.com/tothi/bf6c59d6de5d0c9710f23dae5750c4b9