Gaining Domain Admin from Outside Active Directory


(Dr.zel0st) #1

So, I am again up with a new article to share. It is a great write-up by Rob Brown. It is about penetration testing an Active Directory. This is useful for the penetration testers who are into internal penetration testing.

(oaktree) #2

Do you have any more comments or concerns about it? Maybe some discussion questions?

(sloth) #3

Well, LAPS should solve this issue, right?

nvm: just for domain joined pc’s, my bad!


So would this work if the network was using 802.1x? Like if you needed a client certificate to get into the domain network?

(sloth) #5

That doesn’t have anything to do with the Local Administrator Account. Sure, the attacker would have a harder time getting into the network, but the actual vulnerability was that the not-joined PC did not have the GPO.