Trust no one: are one-way trusts really one way?
Summary
Security-focused deep-dive into one-way Active Directory trusts, revealing how a trusted-domain object can be exploited to pivot into the trusted domain using a new tdo_dump.py tool and related techniques. The post discusses practical commands and artifacts, highlighting defense considerations and potential abuse scenarios for attackers.