Active Directory forest trusts part 2 - Trust transitivity and finding a trust bypass
In my first personal blog post in 2018 I wrote about Active Directory forest trusts and how they work under the hood. Part two of the series was since then promised but never delivered. I researched this topic again in 2019 and ended up finding a logic flaw which allowed the bypassing of the SID filtering mechanism and compromise hosts in a trusted forest. This flaw was patched in February 2020 and given CVE-2020-0665. Because of a global pandemic that cancelled most in-person conferences in 2020 I didn’t really get around to talk about this much even though it is one of my favorite finds to date. Under the motto “better late than never”, here is part 2 of the forest trust series, with the knowledge I’ve learned since then. Part of this content is also available as video on my YouTube channel.