Active Directory Recon is the new hotness since attackers, Red Teamers, and penetration testers have realized that control of Active Directory provides power over the organization. I covered ways to enumerate permissions in AD using PowerView (written by Will @harmj0y) during my Black Hat & DEF CON talks in 2016 from both a Blue Team …
Tag: S-1-5-32-548
Jun 14 2017
Scanning for Active Directory Privileges & Privileged Accounts
- Account Operators, Active Directory permissions, Active Directory PRivileged Access, Active Directory Security, AD, AD ACLs, AD Delegation, AD groups in Local Groups, AD Security, AdminSDHolder, Allow logon locally, Allow logon over Remote Desktop Services, Backup Operators, Bloodhound, Create GPO rights, CreateChild, DCSync, DeleteChild, Domain Admins, Enable computer and user accounts to be trusted for delegation, Enterprise Admins, Extended Right, Full Control, GenericAll, GenericWrite, GPO, Greoup Policy Delegation, Group Membership, Group Policy Object, Group Policy Permission, Impersonate a client after authentication, Link GPO rights, Manage auditing and security log, Manage Group Policy link, PowerView, Print Operators, Replicating Directory Changes All, Restricted Groups, S-1-5--512, S-1-5--517, S-1-5--520, S-1-5-21--1102, S-1-5-21--519, S-1-5-21--525, S-1-5-21--571, S-1-5-32--574, S-1-5-32-544, S-1-5-32-548, S-1-5-32-550, S-1-5-32-551, S-1-5-32-554, S-1-5-32-562, S-1-5-32-573, S-1-5-32-578, SACL, Schema Admins, SDDL, SDProp, Self, SeMachineAccountPrivilege, SeNetworkLogonRight, SeTcbPrivilege, SeTrustedCredManAccessPrivilege, SIDHistory, Synchronize directory service data, User Rights Assignments, Validated Write, WriteDACL, WriteOwner, WritePRoperty
- 2 comments
Recent Posts
- Attacking Active Directory Group Managed Service Accounts (GMSAs)
- From Azure AD to Active Directory (via Azure) – An Unanticipated Attack Path
- What is Azure Active Directory?
- Slides Posted for Black Hat USA 2019 Talk: Attacking & Defending the Microsoft Cloud
- AD Reading: Windows Server 2019 Active Directory Features
Trimarc Active Directory Security Services
Have concerns about your Active Directory environment?
Trimarc helps enterprises improve their security posture.
Find out how... TrimarcSecurity.com
Popular Posts
- PowerShell Encoding & Decoding (Base64)
- Attack Methods for Gaining Domain Admin Rights in…
- Kerberos & KRBTGT: Active Directory’s…
- Finding Passwords in SYSVOL & Exploiting Group…
- Securing Domain Controllers to Improve Active…
- Securing Windows Workstations: Developing a Secure Baseline
- Mimikatz DCSync Usage, Exploitation, and Detection
- Detecting Kerberoasting Activity
- Scanning for Active Directory Privileges &…
- The Most Common Active Directory Security Issues and…
Categories
- ActiveDirectorySecurity
- Apple Security
- Cloud Security
- Continuing Education
- Entertainment
- Exploit
- Hacking
- Hardware Security
- Hypervisor Security
- Linux/Unix Security
- Malware
- Microsoft Security
- Mitigation
- Network/System Security
- PowerShell
- RealWorld
- Security
- Security Conference Presentation/Video
- Security Recommendation
- Technical Article
- Technical Reading
- Technical Reference
- TheCloud
- Vulnerability
Tags
ActiveDirectory
Active Directory
ActiveDirectoryAttack
ActiveDirectorySecurity
Active Directory Security
ADReading
ADSecurity
AD Security
DCSync
DEFCON
DomainController
EMET5
GoldenTicket
HyperV
Invoke-Mimikatz
KB3011780
KDC
Kerberos
KerberosHacking
KRBTGT
LAPS
LSASS
MCM
MicrosoftEMET
MicrosoftWindows
mimikatz
MS14068
PassTheHash
PowerShell
PowerShellCode
PowerShellHacking
PowerShellv5
PowerSploit
Presentation
Security
SIDHistory
SilverTicket
SneakyADPersistence
SPN
TGS
TGT
Windows10
WindowsServer2008R2
WindowsServer2012
WindowsServer2012R2