Press "Enter" to skip to content

Month: November 2015

Abusing Active Directory Permissions with PowerView

One of my favorite presentations at Derbycon V was Sean Metcalf (@pyrotek3)’s talk “Red vs. Blue: Modern Active Directory Attacks & Defense“. In it, Sean had a section focused on “Sneaky AD Persistence Tricks”, meaning methods “by which an attacker could persist administrative access to Active Directory after having Domain Admin level rights for 5 minutes“. I wanted to show how one of the methods covered, the abuse of AdminSDHolder and SDProp, can be facilitated with new PowerView 2.0 functionality. Note: I did not discover this attack method. I also will only give a brief background on the underlying components, as Sean has…