Active Directory & Enterprise Security, Methods to Secure Active Directory, Attack Methods & Effective Defenses, PowerShell, Tech Notes, & Geek Trivia…

October 2018 archive

Oct 11 2018

From DNSAdmins to Domain Admin, When DNSAdmins is More than Just DNS Administration

By Sean Metcalf in ActiveDirectorySecurity, Microsoft Security, Technical Reference

It’s been almost 1.5 years since the Medium post by Shay Ber was published that explained how to execute a DLL as SYSTEM on a Domain Controller provided the account is a member of DNSAdmins. I finally got around to posting here since many I speak with aren’t aware of this issue. Shay describes this …

Active Directory, DNS server object permission, DNSAdmins, DnsPluginCleanup, DnsPluginInitialize, DnsPluginQuery, Domain Controller, from DNSAdmin to Domain Admin, HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\DNS\Parameters\ServerLevelPluginDll, mimikatz dll, run DLL on Domain Controller, ServerLevelPluginDll, UUID is 50ABC2A4–574D-40B3–9D66-EE4FD5FBA076, \PIPE\DNSSERVER

Oct 10 2018

Domain Controller Print Server + Unconstrained Kerberos Delegation = Pwned Active Directory Forest

By Sean Metcalf in ActiveDirectorySecurity, Exploit, Hacking, Microsoft Security, Security Conference Presentation/Video

At DerbyCon 8 (2018) over the weekend Will Schroeder (@Harmj0y), Lee Christensen (@Tifkin_), & Matt Nelson (@enigma0x3), spoke about the unintended risks of trusting AD. They cover a number of interesting persistence and privilege escalation methods, though one in particular caught my eye. Overview Lee figured out and presents a scenario where there’s an account …

Copyright

Content Disclaimer: This blog and its contents are provided "AS IS" with no warranties, and they confer no rights. Script samples are provided for informational purposes only and no guarantee is provided as to functionality or suitability. The views shared on this blog reflect those of the authors and do not represent the views of any companies mentioned. Content Ownership: All content posted here is intellectual work and under the current law, the poster owns the copyright of the article. Terms of Use Copyright © 2011 - 2020.

Made with by Graphene Themes.

October 2018 archive

From DNSAdmins to Domain Admin, When DNSAdmins is More than Just DNS Administration

Domain Controller Print Server + Unconstrained Kerberos Delegation = Pwned Active Directory Forest

Recent Posts

Trimarc Active Directory Security Services

Popular Posts

Categories

Recent Posts

Recent Comments

Archives

Categories

Meta

Copyright

October 2018 archive

From DNSAdmins to Domain Admin, When DNSAdmins is More than Just DNS Administration

Domain Controller Print Server + Unconstrained Kerberos Delegation = Pwned Active Directory Forest

Recent Posts

Trimarc Active Directory Security Services

Popular Posts

Categories

Tags

Recent Posts

Recent Comments

Archives

Categories

Meta

Copyright