TechniqueActive Directory
ESC8 chains authentication coercion with NTLM relay to turn an unauthenticated machine on the network into a domain certificate the attacker controls. This lesson explains why the web enrollment endpoint is relayable, what the attacker gains, and how to communicate the risk clearly in interviews, reports, and stakeholder conversations.
Sign in or upgrade to unlock the full premium library.