Dark Reading: Abusing Kerberos for Local Privilege Escalation
On August 9, NetSPI Head of Adversarial R&D Nick Landers was featured in the Dark Reading article called Abusing Kerberos for Local Privilege Escalation. Read the preview below or view it online.
+++
As the main authentication protocol for Windows enterprise networks, Kerberos has long been a favored hacking playground for security researchers and cybercriminals alike. While the focus has been on attacking Kerberos authentication to carry out remote exploits and aid in lateral movement across the network, new research explores how Kerberos can also be abused to great effect in carrying out a variety of local privilege escalation (LPE) attacks.
At the Black Hat USA conference this week in Las Vegas, James Forshaw, security researcher for Google Project Zero, and Nick Landers, head of adversarial R&D for NetSPI, plan to take the security discussion beyond the Kerberoasting and Golden/Silver ticket attack discussions that have dominated Kerberos security research in recent years. In the session “Elevating Kerberos to the Next Level,” Forshaw and Landers will explore authentication bypasses, sandbox escapes, and arbitrary code execution in privileged processes.
“James and I have both spent a lot of our time digging into Windows internals, and Kerberos is fundamental to network authentication between Windows systems. However, most of the existing research and tooling I’ve done focuses on remote exploitation — ignoring attack surfaces that exist on just a local machine,” says Landers, who explained why the pair decided to dig deeper into design flaws in the way Kerberos does local authentication. “Through this, we’ve discovered many interesting flaws — some fixed and some not — that we’re excited to share on Wednesday, along with the tooling we’ve built and knowledge we’ve gained over the last several months.”
The tooling will help others in the security research community to inspect and manipulate Kerberos on local systems to build on the pair’s research. The duo will also offer up some important detection and configuration advice to help security practitioners mitigate the risk of the flaws that they’ll present.
You can read the full article on Dark Reading!
Explore More News
NetSPI Recognized in the Inaugural Proactive Security Platforms Landscape
NetSPI®, the global leader in modern penetration testing, today announced its inclusion among notable vendors in The Proactive Security Platforms Landscape, Q1 2026 report by Forrester. The overview examines 42 vendors in the proactive security platform market.
NetSPI Recognized in the 2026 GigaOm Radar Report for Attack Surface Management (ASM)
NetSPI Recognized in the 2026 GigaOm Radar Report for Attack Surface Management (ASM) Minneapolis, MN – March 4, 2026 – NetSPI®, the global leader in modern penetration testing, today announced it has been recognized in the 2026 GigaOm Radar Report for Attack Surface Management (ASM). GigaOm analysts Chris Ray and Whit Walters’ forward-looking report evaluates 32 ASM solutions based on their feature capabilities and nonfunctional requirements that factor into purchase decisions and determine a solution’s material impact on an organization. The recognition validates NetSPI’s continued momentum and fierce investment in platform […]
VM Blog: Five Security Shifts that Will Define 2026
Joe Evangelisto outlines several critical shifts demanding executive attention. As organizations move from open AI experimentation to governed application, leaders must implement safeguards to manage data exposure and ensure system integrity.