Straw

Abstract

Microsoft’s LAPS is a tool for managing local administrator passwords of domain joined computers. LAPS stores the passwords/secrets in a cofidential attribute in the computer’s corresponding active directory object. LAPS eliminates the risk of Lateral Movement by generating Random passwords of local administrators. LAPS uses a Group Policy Client Side Extension (CSE) to perform all management tasks like generating password, validating it against the policy,etc,.

This talk will be focused on the adversial tactics of abusing LAPS which are as follows:
Identifying users who has ms-Mcs-AdmPwd Read Access** Dumping LAPS passwords in clear text++ Poisoning AdmPwd.dll* modifying searchFlags attribute of ms-Mcs-AdmPwd using DC Shadow+

Speaker

Ankit Joshi

Timing

Starts at Saturday September 08 2018, 10:30 AM. The sessions runs for about 1 hour.

Resources