Tag
critical
advisory
Kerberos Authentication Relay via DNS CNAME Abuse (CVE-2026-20929)
2 rules 1 TTP 1 CVEAn attacker exploits CVE-2026-20929 by manipulating DNS responses to redirect Kerberos authentication to attacker-controlled AD CS, enabling certificate enrollment for persistent access.
kerberos
relay
adcs
cve-2026-20929
credential-access
2r
1t
1c
high
advisory
Potential Kerberos Relay Attack via Coerced Authentication against a Computer Account
3 rules 1 TTP 1 CVEDetects potential Kerberos relay attacks by identifying coercion attempts followed by authentication events using a target server's computer account, originating from a different host, indicating an attacker has captured and relayed Kerberos authentication material to execute code on behalf of the compromised system.
kerberos
relay
credential_access
windows
3r
1t
1c