The Reflective Kerberos Relay Attack is a technique that exploits CVE-2025-33073, a vulnerability discovered by RedTeam Pentesting in January 2025.

The principle behind the attack is that we coerce a Windows host into connecting to our attack system via SMB and authenticating via Kerberos. The Kerberos ticket is then relayed back to the same host, again via SMB. Since coercion generally results in authentication of the respective computer account, we expected to obtain a low-privileged SMB session with the privileges of that computer account. Instead, the resulting SMB session had high-privileged NT AUTHORITY\SYSTEM privileges, which are sufficient to execute arbitrary commands.
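The pattern described above has a distinctive footprint on the victim host: a network logon (logon type 3) authenticated with Kerberos, where the logged-on account is the host's own computer account but the connection does not originate from the host itself. The following detector is an added example written for this page, not code from the original post or from the linked repository. It assumes a simplified key=value rendering of Windows Security Event ID 4624 fields and a constructed host-to-address inventory; the sample log lines are constructed as well.

```python
"""Flag reflective Kerberos logons: a host's own computer account logging on
to that same host over the network with Kerberos from a foreign address.
Added example for illustration; the record format, the inventory and the
sample events are all constructed, not taken from any real system."""
import ipaddress
from dataclasses import dataclass


@dataclass
class LogonEvent:
    # Subset of the fields carried by a Windows Security Event ID 4624.
    computer: str        # host that recorded the event
    target_user: str     # account that logged on, e.g. "FILESRV01$"
    logon_type: int      # 3 = network logon (SMB and similar)
    auth_package: str    # "Kerberos" or "NTLM"
    source_ip: str       # IpAddress field of the event


# Assumed inventory of addresses owned by each host (constructed).
HOST_ADDRESSES = {
    "FILESRV01": {"10.0.0.5"},
    "WKS-042": {"10.0.0.42"},
}

# Values Windows uses for local or unknown sources; not a relay indicator.
LOCAL_ADDRESSES = {"127.0.0.1", "::1", "-", ""}


def is_reflective_logon(ev: LogonEvent) -> bool:
    """True when the event matches the self-relay pattern."""
    if ev.logon_type != 3 or ev.auth_package.lower() != "kerberos":
        return False
    if not ev.target_user.endswith("$"):
        return False  # a user account, not a computer account
    if ev.target_user[:-1].upper() != ev.computer.upper():
        return False  # another machine's account: not a reflection
    if ev.source_ip in LOCAL_ADDRESSES:
        return False  # local use of the computer account is expected
    try:
        src = str(ipaddress.ip_address(ev.source_ip))
    except ValueError:
        return False  # malformed address, leave it to other rules
    # Alert only when the source is not one of the host's own addresses.
    return src not in HOST_ADDRESSES.get(ev.computer.upper(), set())


def parse_line(line: str) -> LogonEvent:
    """Parse one constructed key=value log line into a LogonEvent."""
    fields = dict(tok.split("=", 1) for tok in line.split())
    return LogonEvent(
        computer=fields["Computer"],
        target_user=fields["TargetUserName"],
        logon_type=int(fields["LogonType"]),
        auth_package=fields["AuthenticationPackageName"],
        source_ip=fields["IpAddress"],
    )


# Constructed sample: one reflective logon, one loopback logon, one logon by
# a different machine account, and one interactive user over NTLM.
SAMPLE_LOG = """\
Computer=FILESRV01 TargetUserName=FILESRV01$ LogonType=3 AuthenticationPackageName=Kerberos IpAddress=10.0.0.99
Computer=FILESRV01 TargetUserName=FILESRV01$ LogonType=3 AuthenticationPackageName=Kerberos IpAddress=127.0.0.1
Computer=FILESRV01 TargetUserName=WKS-042$ LogonType=3 AuthenticationPackageName=Kerberos IpAddress=10.0.0.42
Computer=FILESRV01 TargetUserName=jdoe LogonType=3 AuthenticationPackageName=NTLM IpAddress=10.0.0.99
"""


def find_reflective_logons(log_text: str) -> list[LogonEvent]:
    """Return every event in the log text that matches the pattern."""
    return [ev for ev in map(parse_line, log_text.splitlines())
            if is_reflective_logon(ev)]


if __name__ == "__main__":
    for ev in find_reflective_logons(SAMPLE_LOG):
        print(f"ALERT {ev.computer}: own account {ev.target_user} logged on via "
              f"{ev.auth_package} from {ev.source_ip} (possible reflective relay)")
```

The inventory lookup matters: a host legitimately reaching itself through its own FQDN produces the same account and logon type, but from one of its own addresses, so excluding those keeps the rule from firing on routine self-connections while still catching a session relayed in from a third machine.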


Demo in Action


DCSync performed via the relay listener (ntlmrelayx):


Auto Exploit

https://github.com/mverschu/CVE-2025-33073

Detailed Walkthrough