S4U2Pwnage
[Edit 9/29/18] For a better weaponization of constrained delegation abuse, check out the “s4u” section of the From Kekeo to Rubeus post. Several weeks ago my workmate Lee Christensen (who helped develop this post and material) and I spent some time diving into Active Directory’s S4U2Self and S4U2Proxy protocol extensions. Then, just recently, Benjamin Delpy and Ben …