Beyond the MCSE Red Teaming Active Directory
DEFCON-24-Sean-Metcalf-Beyond-The-MCSE-Red-Teaming-Active-Directory
DEFCON-24-Sean-Metcalf-Beyond-The-MCSE-Red-Teaming-Active-Directory
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
Interesting AD Facts:<br />
•Standard user account…<br />
• Elevated rights through “SID History”<br />
without being a member of any<br />
groups.<br />
• Ability to modify users/groups without<br />
elevated rights w/ custom OU ACLs.<br />
• Modify rights to an OU or domainlinked<br />
GPO, compromise domain.<br />
| @PryoTek3 | sean @ adsecurity.org |