Introduction
Kerberos delegation remains one of the most powerful attack vectors in Active Directory environments...
Constrained Delegation
When a service account has constrained delegation configured...
Resource-Based Constrained Delegation (RBCD)
RBCD flips the model — instead of the delegating service controlling which services it can delegate to...
Detection & Mitigations
Defenders should monitor for...
Conclusion
Even in hardened environments, delegation misconfigurations provide reliable lateral movement paths.