Lateral Movement and Privilege Escalation

Move from account to account, service to service, and machine to machine while escalating your privileges until you compromise the domain.

Lateral movement and privilege escalation within an Active Directory domain is a gradual, cyclical process: enumerate the access our current account(s) have over the domain's principals (other users, groups, machines, services), abuse that access to reach other machines or services or to take over more privileged accounts, then repeat from the new position. The end goal is total domain compromise.

Misconfigured access rights and privileges are what enable an attacker's movement within Active Directory. Rather than gaining access by exploiting a software vulnerability, the attacker more commonly just logs in with credentials and permissions that were already granted.


ACL Abuse

Abuse of ACL access rights to achieve lateral movement

Kerberos

Abusing the ticket-based authentication and authorization protocol that governs the operation of Active Directory