SID filter as security boundary between domains?
Microsoft states that "the forest (not the domain) is the security boundary in an Active Directory implementation", meaning that Domain Admins of a child domain is essentially as privileged as Enterprise Admins in a root domain and will have administrative rights in all domains of the forest. Why? We guessed that the default trust between domains inside a forest enables any child domain to trick the root domain to treat child domain users as Enterprise Admins by abusing the SID history (ExtraSids) functionality – this attack/technique is known as "Access Token Manipulation: SID-History Injection" and is explained in a later part of this series.
Kerberos authentication explained (Part 1)
Known AD attacks - from child to parent (Part 2)
SID filtering explained (Part 3)
Bypass SID filtering research (Part 4)
Golden GMSA trust attack - from child to parent (Part 5)
Schema change trust attack - from child to parent (Part 6)
Trust account attack - from trusting to trusted (Part 7)
#ad #trust #kerberus #research
Microsoft states that "the forest (not the domain) is the security boundary in an Active Directory implementation", meaning that Domain Admins of a child domain is essentially as privileged as Enterprise Admins in a root domain and will have administrative rights in all domains of the forest. Why? We guessed that the default trust between domains inside a forest enables any child domain to trick the root domain to treat child domain users as Enterprise Admins by abusing the SID history (ExtraSids) functionality – this attack/technique is known as "Access Token Manipulation: SID-History Injection" and is explained in a later part of this series.
Kerberos authentication explained (Part 1)
Known AD attacks - from child to parent (Part 2)
SID filtering explained (Part 3)
Bypass SID filtering research (Part 4)
Golden GMSA trust attack - from child to parent (Part 5)
Schema change trust attack - from child to parent (Part 6)
Trust account attack - from trusting to trusted (Part 7)
#ad #trust #kerberus #research
itm8.dk
Skal vi skabe nutidens og fremtidens IT sammen? itm8
Hvad er en itm8? Vi er præcis, hvad navnet siger: Din m8* (*mate), der er ekspert i IT. Vi er din partner til 360 graders IT.
👍1
🔥3