Introducing the Golden GMSA Attack

This article introduces a new attack targeting Group Managed Service Accounts (gMSA), dubbed the “Golden GMSA” attack, allowing attackers to dump Key Distribution Service (KDS) root key attributes and then generate the password for all the associated gMSAs offline.

TL;DR: An attacker with high privileges can obtain all the ingredients ...

How Attackers Can Use Primary Group Membership to Infiltrate Active Directory

Active Directory, Ransomware

Identity systems—particularly Active Directory, which is the primary identity store for most businesses—are constantly under attack by cybercriminals because they are the gateway to an organization’s critical information systems, including valuable customer data. Here we’ll explore a little-known Discretionary Access Control List (DACL) tactic that attackers can use to hide ...
DnsAdmins Revisited

How Potential Attackers Can Achieve Privileged Persistence on a DC through DnsAdmins

The Semperis Research Team recently expanded on previous research showing a feature abuse in the Windows Active Directory (AD) environment where users from the DnsAdmins group could load an arbitrary DLL into a DNS service running on ...