The post explains how attackers exploit the AddSelf permission in Active Directory to escalate privileges, join privileged groups like Domain Admins or Backup Operators, and carry out further attacks. It outlines the necessary lab setup and tools required for simulation, details the exploitation process, and provides detection
Table of contents
AddSelf Permission
Prerequisites
Lab Setup – User Owns AddSelf Permission on the Domain Admin Group
Exploitation Phase I – User Owns AddSelf Permission on the Domain Admins Group
Bloodhound – Hunting for Weak Permission
Method for Exploitation – Account Manipulation (T1098)
Post Exploitation – Dumping hashes with Impacket
Lab Setup – User Owns AddSelf Permission on the Backup Operators Group
Exploitation Phase I – User Owns AddSelf Permission on the Backup Operators Group
Bloodhound – Hunting for Weak Permission
Method for Exploitation – Account Manipulation (T1098)
Post Exploitation – Dumping hashes with Impacket
Detection & Mitigation