July 1, 2017

An Ace up the Sleeve: Designing Active Directory DACL Backdoors

by Andy Robbins, Will Schroeder

Active Directory (AD) object discretionary access control lists (DACLs) are an untapped offensive landscape, often overlooked by attackers and defenders alike. The control relationships between AD objects align perfectly with the "attackers think in graphs" philosophy and expose an entire class of previously unseen control edges, dramatically expanding the number of paths to complete domain compromise.