A few months ago, my colleague @sixdub and I presented our talk “Trusts You Might Have Missed” at BSides Chicago (the slides are posted here). We covered a lot of information that we’ve talked about in the “Trusts You Might Have Missed”, “Nodal Analysis of Domain Trusts – Maximizing the Win!”, and the “Domain Trusts: Why You Should Care” posts, as well as a few new developments. I wanted to do a writeup on the new material for anyone interested.
Enumerating and abusing Active Directory domain trusts is all about uncovering a potential mesh of hidden accesses that admins have set up previously (and often incorrectly). If a trust exists, the key is to try to figure out exactly what users have access to what resources across domains, and strategically compromise accounts that can help you achieve your goal. These new PowerView features can help you tease out the exactly nature of this access mesh.