I was given the opportunity to deliver a presentation for the Black Hat Webcast series in May of this year. The topic chosen was Active Directory delegation, but with an emphasis on manual enumeration.
We start with a step-by-step walkthrough of how delegation is configured, with some useful background on the whats and whys, then move on to the stages of black-box enumeration and finally exploitation of inadequately designed and secured environments.
The presentation is split into theory and practical sections and includes a case study that puts all the theory into practice. This is where we discover how to locate and abuse interesting permissions, and take a look at interesting delegation permissions that relate to LAPS and BitLocker within an environment.
The slides are linked below and the full presentation (including recording) can be found at the Black Hat website.