Hello!

i'm studying the Skeleton Key Attack, in the original paper (https://www.virusbulletin.com/uploads/pdf/magazine/2016/vb201601-skeleton-key.pdf) they described that this attack is able to modify both SSP "MSV" (NTLM Authentication) & "kerberos.dll" (Kerberos Authentication) installing a backdoor inside these protocols.

But in my test with "misc::skeleton" it appears that Mimikatz modifies only the SSP "Kerberos.dll", i tried with:

net use (wireshark says it use Kerberos) and it works
psexec of sysinternal (wireshark says it use Kerberos) and it works
Enter-PSSession (wireshark says it use Kerberos) and it works

Can you please tell me if I'm wrong?

On my Kali using "psexec" of Impacket (or also crackmapexec) (wireshark says it use NTLM) and it NOT works as you can see in the screenshot.