Access controls

Theory

In , and identified a set of vectors of domain persistence based on access control misconfigurations (dubbed DPERSIST3).

Active Directory Certificate Services add multiple objects to AD, including securable ones which principals can have permissions over. This includes Certificate templates, Certificate Authorities, CA server, etc.

In the same research papers, domain escalation techniques abusing misconfigurated access controls were identified dubbed , and ).

If an attacker obtains sufficient permissions in a domain, he could modify security descriptors of AD CS components, in order to make them vulnerable to the attacks mentioned in Movement > AD-CS > Access controls.

These modifications can be made with tools like or with ( module), as explained in .

PreviousCertificate authority NextGolden certificate

Last updated 1 year ago

Was this helpful?