Abusing multicast poisoning for pre-authenticated Kerberos relay over

Kerberos relaying over HTTP is possible through multicast poisoning, as discovered by James Forshaw. This attack vector, implemented in Responder and krbrelayx, allows attackers to intercept and relay Kerberos authentication requests, potentially leading to high-impact privilege escalation scenarios. The article discusses the theory behind the attack and provides an implementation example.