Lab of a Penetration Tester: Abusing DNSAdmins privilege for escalation in Active Directory Logo

Lab of a Penetration Tester: Abusing DNSAdmins privilege for escalation in Active Directory

0
Free
Visit Website

This lab demonstrates how to escalate privileges in an Active Directory environment by abusing the DNSAdmins privilege. The lab explains how a user who is a member of the DNSAdmins group or has write privileges to a DNS server object can load an arbitrary DLL with SYSTEM privileges on the DNS server. The lab setup includes enumerating users who are part of the DNSAdmins group using PowerView and targeting the buildadmin user in a real-world scenario.

FEATURES

ALTERNATIVES

A cloud-based platform that discovers, monitors, and manages non-human identities and their associated credentials across cloud infrastructure.

Commercial

A NodeJS/Typescript library for generating IAM Policy Actions Statements for AWS CDK with predefined constants and a factory class.

Free

Redirects EC2 metadata API traffic to a container that retrieves temporary AWS credentials and proxies other calls to the EC2 metadata API.

Free

Provision, manage, and renew SSL/TLS certificates for your AWS resources with AWS Certificate Manager.

Free

Tool for generating AWS IAM policy statements with a fluent interface.

Free

AWS IAM Security Assessment tool for identifying violations of least privilege and generating risk-prioritized reports.

Free

Okta Workforce Identity Cloud is an identity and access management platform that provides secure, streamlined access for an organization's workforce across various applications and resources.

Commercial

AWS IAM Access Analyzer is a tool for implementing and maintaining least privilege access in AWS environments through automated analysis and validation of IAM policies and permissions.

Commercial

PINNED