🖊️ Author: Nairuz Abulhul
🌐 Blog: R3dbuck3t
<aside> 📌 There are four different types of trusts
IntraForest trusts are trusts that happen with all domains within the forest. These trusts are transitive, meaning users in one domain can access information from other domains within the existing forest.InterForest trusts are trusts that happen between two (2) different forests. These trusts are transitive, meaning users in one forest can access resources in another (of course, the access permissions depend on the trust directions, one-way or two-ways).Shortcut trust is a domain-to-domain trust within the same forest created to optimize authentication and session ticket requests between domains. This trust leverages Kerberos authentication.External trusts are domain-to-domain trusts in which a domain trusts an external domain, a domain completely separate from itself and not within the same forest. This trust leverages NTLM for authentication and cannot use Kerberos.Kerberos is used to extend the Kerberos realm to include other realms that are not an active directory forest. It is not used very often.
</aside>Domain Directions
<aside>
💡 Without SID Filtering, a user sends all of their tokens to the other trusted domain or forest that would give them the same level of privileges they have on their current domain. For example, if a user is a member of a domain admins group in one domain, they would automatically be domain admins in the other trusted domain when logged into it.
With SID Filtering, a user sends only a specific token to the other trusted domains/forest. The filter removes all the SIDs for built-in privileged groups before allowing the user to access the resources in the other trusted domain.
</aside>
<aside> 📌 You might need to bypass AMSI
</aside>
PowerView
List all domain trusts of the current domain
**Get-NetDomainTrust**
Get all the available trusts of the specific identified domain/child-domain