Whisker

Whisker is a C# tool for taking over Active Directory user and computer accounts by manipulating their msDS-KeyCredentialLink attribute, effectively adding "Shadow Credentials" to the target account.

Installation

Repo: https://github.com/eladshamir/Whisker

This tool is based on code from DSInternals by Michael Grafnetter (@MGrafnetter).

For this attack to succeed, the environment must have a Domain Controller running at least Windows Server 2016, and the Domain Controller must have a server authentication certificate to allow for PKINIT Kerberos authentication.

More details are available in the post Shadow Credentials: Abusing Key Trust Account Mapping for Takeover.
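Because the technique comes down to a write to msDS-KeyCredentialLink, defenders can watch for Security event 5136 (directory object modified) on that attribute. The following is an added example, not part of Whisker or the original page: it filters constructed sample events and reports writes from accounts outside an allowlist. The sample events, the account names and the `MSOL_` allowlist prefix are assumptions to be replaced with the accounts that legitimately provision keys in your environment.

```python
import json

ATTR = "msds-keycredentiallink"
# OperationType codes used by event 5136
OPS = {"%%14674": "value added", "%%14675": "value deleted"}
# Assumption: writers expected to manage key credentials here (lowercase prefixes)
ALLOWED_WRITERS = ("msol_",)

# Constructed sample: 5136 events flattened to one JSON object per line
SAMPLE_EVENTS = """
{"EventID": 5136, "SubjectUserName": "MSOL_0a1b2c3d", "ObjectDN": "CN=Alice,CN=Users,DC=corp,DC=example", "AttributeLDAPDisplayName": "msDS-KeyCredentialLink", "OperationType": "%%14674"}
{"EventID": 5136, "SubjectUserName": "helpdesk1", "ObjectDN": "CN=DC01,OU=Domain Controllers,DC=corp,DC=example", "AttributeLDAPDisplayName": "msDS-KeyCredentialLink", "OperationType": "%%14674"}
{"EventID": 5136, "SubjectUserName": "helpdesk1", "ObjectDN": "CN=Bob,CN=Users,DC=corp,DC=example", "AttributeLDAPDisplayName": "description", "OperationType": "%%14674"}
this line is not JSON and is skipped
{"EventID": 5136, "SubjectUserName": "helpdesk1", "ObjectDN": "CN=DC01,OU=Domain Controllers,DC=corp,DC=example", "AttributeLDAPDisplayName": "msDS-KeyCredentialLink", "OperationType": "%%14675"}
"""

def suspicious_key_credential_writes(text, allowed=ALLOWED_WRITERS):
    """Return 5136 events that touch msDS-KeyCredentialLink from unexpected writers."""
    findings = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            ev = json.loads(line)
        except json.JSONDecodeError:
            continue  # tolerate malformed export lines
        if ev.get("EventID") != 5136:
            continue
        if str(ev.get("AttributeLDAPDisplayName", "")).lower() != ATTR:
            continue
        writer = str(ev.get("SubjectUserName", ""))
        # A missing writer never matches the allowlist, so it is reported too
        if writer.lower().startswith(tuple(allowed)):
            continue
        op = ev.get("OperationType", "")
        findings.append({
            "writer": writer,
            "target": ev.get("ObjectDN", ""),
            "operation": OPS.get(op, op),
        })
    return findings

if __name__ == "__main__":
    for finding in suspicious_key_credential_writes(SAMPLE_EVENTS):
        print(finding)
```

Event 5136 is only logged when the "Audit Directory Service Changes" subcategory is enabled and the target objects carry a matching SACL entry.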

We download a zip of the project, open the folder as a project in Visual Studio and double-click Whisker.sln. The solution can then be built from the command line:

dotnet build -c Release

Or build it directly with the Visual Studio Run button.

Last update: 2025-12-21
Created: December 21, 2025 12:46:39