I've just finished writing two small articles about LDAP Relay and Group Policy Hijacking that I described some time ago in Russian. Both techniques are not new, but I bet a lot of researchers and security guys do not have a clue about them. It is worth mentioning that these techniques are already fully implemented in Intercepter-NG. They allow you to obtain access in the domain network in an absolutely different way.
PDF:
LDAP Relay. NTLM Strikes back again.
Group Policy Hijacking.