DEF CON 25 - Andy Robbins, Will Schroeder - Designing Active Directory DACL Backdoors

preview_player
Показать описание
Active Directory (AD) object discretionary access control lists (DACLs) are an untapped offensive landscape, often overlooked by attackers and defenders alike. The control relationships between AD objects align perfectly with the "attackers think in graphs" philosophy and expose an entire class of previously unseen control edges, dramatically expanding the number of paths to complete domain compromise.

While DACL misconfigurations can provide numerous paths that facilitate elevation of domain rights, they also present a unique chance to covertly deploy Active Directory persistence. It's often difficult to determine whether a specific AD DACL misconfiguration was set intentionally or implemented by accident. This makes Active Directory DACL backdoors an excellent persistence opportunity: minimal forensic footprint, and maximum plausible deniability.
  1. DEFCONConference
  2. DEF CON
  3. DEF CON25
  4. DEF CON 25
  5. DC25
  6. Dc-25
Рекомендации по теме
DEF CON 25 0:43:24

DEF CON 25 - Andy Robbins, Will Schroeder - Designing Active Directory DACL Backdoors

DEF CON 25 0:36:56

DEF CON 25 IoT Village - Andrew Tierney, Ken Munro - IoT From DVRs to Dildos

DEF CON 25 0:35:02

DEF CON 25 Recon Village - Andrew Hay - An Introduction to Graph Theory for OSINT

DEF CON 25 0:47:23

DEF CON 25 Crypto and Privacy Village - Andrew Brandt - SSL Visibility Revisted: A Year In Privacy I

DEF CON 25 0:31:48

DEF CON 25 Wifi Village - Andrew Strutt - Suitcase Repeater Build for UHF 70cm

DEF CON 25 0:28:35

DEF CON 25 Wifi Village - Andrew Strutt - POCSAG Amateur Pager Network

DEF CON 25 0:50:06

DEF CON 25 Crypto and Privacy Village - Trey Forgety - Protecting Users' Privacy

DEF CON 29 0:29:45

DEF CON 29 Recon Village - Andy Dennis - Using Passive DNS for gathering Business Intelligence

DEF CON 25 0:19:13

DEF CON 25 Recon Village - Kunal Aggarwal - DataSploit Open Source Assistant for OSINT

DEF CON 25 0:32:39

DEF CON 25 - Matt Knight - Radio Exploitation 101

DEF CON 25 0:52:51

DEF CON 25 Wifi Village - Nick Delewski - Failsafe: Yet Another SimpliSafe Attack Vector

DEF CON 25 0:44:21

DEF CON 25 Recon Village - Shane MacDougal - Keynote: Seeing is Believing The Future of Recon

DEF CON 25 0:21:52

DEF CON 25 Rootz Asylum - David Weinman - Introduction To Cheat Engine

DEF CON 25 0:25:04

DEF CON 25 Crypto and Privacy Village - Punky Duero - The Key Management Facility of The Root DNSSEC

DEF CON 25 0:32:54

DEF CON 25 SE Village - Tyler Rosonke - Social Engineering With Web Analytics

DEF CON 25 0:52:33

DEF CON 25 Crypto and Privacy Village - Jake Williams -The Symantec SSL Debacle Lessons Learned

DEF CON 25 0:47:03

DEF CON 25 - Inbar Raz, Eden Shochat - From One Country, One Floppy to Startup Nation

DEF CON 25 0:23:52

DEF CON 25 Car Hacking Village - Vlad Gostomelsky - GPS System Integrity

DEF CON 25 0:18:52

DEF CON 25 - Josh Datko, Chris Quartier - Breaking Bitcoin Hardware Wallets

DEF CON 25 0:11:03

DEF CON 25 Recon Village - Dakota Nelson -Total Recoll

DEF CON 25 0:24:11

DEF CON 25 ICS Village - Arnaud Soullié - Fun with Modbus 0x5a Nothing New Still Relevant?

DEF CON 25 0:35:12

DEF CON 25 - Steinthor Bjarnason, Jason Jones - The call is coming from inside the house

DEF CON 25 0:38:56

DEF CON 25 - Svea Eckert, Andreas Dewes - Dark Data

DEF CON 25 0:30:22

DEF CON 25 - Hanno Bõck - Abusing Certificate Transparency Logs

Комментарии
Автор

I have this scenario

user1 --> member of group --> that group is a member of a another group --> and this group have force password change on a user2.

So i tried to change the password of user2 from user1 it says "access denied"

Can I expect any suggestions from this?

utkarshagrawal