Trimarc: Kerberos Bronze Bit Attack (CVE-2020-17049) Scenarios to Potentially Compromise Active Directory
On December 10, NetSPI Security Consultant Jake Karnes was featured in Trimarc:
Jake Karnes (@jakekarnes42) with NetSPI published 3 articles (that’s right 3!) describing a new attack against Microsoft’s Kerberos implementation in Active Directory. He posted an Overview article, describing how the attack works, an Attack article on practical exploitation, and if you need further background on Kerberos, a Theory article.
This article attempts to summarize the key details of the attack and provide some expanded information and potential attack scenarios, including how Active Directory could be compromised leveraging this attack method.
Read the full article here: https://www.hub.trimarcsecurity.com/post/leveraging-the-kerberos-bronze-bit-attack-cve-2020-17049-scenarios-to-compromise-active-directory
Explore More News
Why Continuous Security Validation is Becoming a Security Imperative
CTO Magazine interviewed NetSPI's Field CISO, Nabil Hannan, for a June 11, 2026, article about how cloud-native architectures, continuous deployment pipelines, APIs, and AI-assisted development have accelerated change across enterprise environments.
Canvas breach puts global education cyber risk in focus
ITBrief interviewed NetSPI's Field CISO, Nabil Hannan, for a May 24, 2026 article about a major data breach in Instructure's Canvas learning management system disrupting final exams at universities.
Microsoft is working on a patch for ‘YellowKey’ attack on BitLocker, offers temporary fix
CSO Online interviewed NetSPI's VP of Research, Karl Fosaaen, for a May 20, 2026 article about how Microsoft is working on a patch for a zero-day vulnerability dubbed "YellowKey" (CVE-2026-45585).