Kerberos works similarly to a passport: A passport authority issues the passport after the person has identified themselves. With this passport, they can then go to the border and prove their identity.
In this blog post, I will briefly address two often overlooked vulnerabilities and misconfigurations in the Active Directory Tiering model. Specifically, I will focus on the mishandling of terminal servers and the helpdesk user group.
What do we see in the photo? The settings for User Account Control (UAC). But what exactly is that and how can it be bypassed?