Beyond the MCSE Red Teaming Active Directory
DEFCON-24-Sean-Metcalf-Beyond-The-MCSE-Red-Teaming-Active-Directory
Read-Only Domain Controllers
• Read-only DC, DNS, SYSVOL
• RODC Admin delegation to non DAs
• No passwords cached (default)
• KRBTGT cryptographically isolated
• RODC escalation via delegation
• msDS-AuthenticatedToAccountList
| @PryoTek3 | sean @ adsecurity.org |