The WriteSPN permission is technically a Write permission on the servicePrincipalName attribute. It allows a user to add, remove, or modify any SPN value without restrictions.
WriteSPN
Write
servicePrincipalName
This can be leveraged for Targeted Kerberoast or SPN Jacking.
Last updated 21 days ago
