Child to parent domain
How it works
Once you gain Domain Admin privileges within the child domain its possible to get Enterprise Admin in the parent domain by generating a golden ticket in the child domain with the SID of the Enterprise Admin group.
The attack can be performed in two ways, abusing the trust key or the krbtgt hash.
Krbtgt hashTrust keyLast updated