Abusing Microsoft Local Administrator Password Solution null Mumbai Meet 08 September 2018 null Mumbai Meet 8th September 2018 null/OWASP Monthly Meet
Microsoft’s LAPS is a tool for managing local administrator passwords of domain joined computers. LAPS stores the passwords/secrets in a cofidential attribute in the computer’s corresponding active directory object. LAPS eliminates the risk of Lateral Movement by generating Random passwords of local administrators. LAPS uses a Group Policy Client Side Extension (CSE) to perform all management tasks like generating password, validating it against the policy,etc,.
This talk will be focused on the adversial tactics of abusing LAPS which are as follows:
Identifying users who has ms-Mcs-AdmPwd Read Access** Dumping LAPS passwords in clear text++ Poisoning AdmPwd.dll* modifying searchFlags attribute of ms-Mcs-AdmPwd using DC Shadow+
Starts at Saturday September 08 2018, 10:30 AM. The sessions runs for about 1 hour.