Class Central is learner-supported. When you buy through links on our site, we may earn an affiliate commission.

YouTube

An ACE Up the Sleeve - Designing Active Directory DACL Backdoors

Black Hat via YouTube

Start learning Write review
Datacamp Ad

PowerBI Data Analyst - Create visualizations and dashboards from scratch

Learn More → Boot.dev Ad

The Most Addictive Python and SQL Courses

Learn More →

Overview

Coursera Flash Sale
40% Off Coursera Plus for 3 Months!
Grab it
Explore the untapped offensive landscape of Active Directory (AD) object discretionary access control lists (DACLs) in this Black Hat conference talk. Delve into how control relationships between AD objects align with the "attackers think in graphs" philosophy, exposing a new class of control edges that expand paths to domain compromise. Learn about elevation vs. persistence techniques, targeting various AD objects, and understanding AD generic and control rights. Discover stealthy primitives, hidden DCSync backdoors, and the implications for tools like LAPS. Examine the impact on event logs, replication metadata, and potential future developments in this critical area of cybersecurity.

Syllabus

Intro
Disclaimer
Why Care?
Previous Work
DS_CONTROL_ACCESS
SRM and Canonical ACE Order
Elevation vs. Persistence
Target: User Objects
Target: Group Objects
Target: Computer Objects
Target: Domain Objects
AD Generic Rights
AD Control Rights
BloodHound Analysis
Objective
Stealth Primitive
Primitives: Summary
A Hidden DCSync Backdoor
Admin SDHolder
Domain user can access AdmPwd! LAPS cmdlet doesn't detect it!
Exchange Strikes Back
Event Logs
Replication Metadata
Future Work

Taught by

Black Hat

Reviews

Start your review of An ACE Up the Sleeve - Designing Active Directory DACL Backdoors

Start learning

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Sign up for free
Someone learning on their laptop while sitting on the floor.