Hello, you are using an old browser that's unsafe and no longer supported. Please consider updating your browser to a newer version, or downloading a modern browser.
Training Camp • Cybersecurity Glossary
Shadow Credentials is an Active Directory attack that abuses the msDS-KeyCredentialLink attribute to add certificate-based credentials to an account, enabling stealthy impersonation, persistence, and privilege escalation.
Shadow Credentials Definition: Shadow Credentials is an Active Directory attack that abuses the msDS-KeyCredentialLink attribute to add certificate-based credentials to an account, enabling stealthy impersonation, persistence, and privilege escalation.
Shadow Credentials is an Active Directory attack technique in which an adversary writes attacker-controlled key credentials to the msDS-KeyCredentialLink attribute of a user or computer account. This adds an alternate certificate-based credential to the target account, allowing the attacker to authenticate as that account via PKINIT and Kerberos without changing its password. Because the original credentials remain valid, the technique provides a stealthy means of persistence and privilege escalation, and detecting and removing these planted key credentials is critical to maintaining account integrity.
Turn knowledge into credentials with our instructor-led cybersecurity boot camps.
View All Courses →