Silently turn off Active Directory Auditing using DCShadow
In Summary : One very interesting thing which I recently discovered is the ability to DCShadow to modify System Access Control List or SACL...
https://updatesinfosec.blogspot.com/2018/05/silently-turn-off-active-directory.html
In Summary :
One very interesting thing which I recently discovered is the ability to DCShadow to modify System Access Control List or SACL. When we enable auditing on success or failure on an AD object, an entry (called ACE - Access Control Entry) is added to the SACL of that object. The permissions to an object are controlled by a DACL. For example, we modified DACL of AdminSDHolder [...]
kindly refer the following link as follow up :
https://ift.tt/2FENbnI
One very interesting thing which I recently discovered is the ability to DCShadow to modify System Access Control List or SACL. When we enable auditing on success or failure on an AD object, an entry (called ACE - Access Control Entry) is added to the SACL of that object. The permissions to an object are controlled by a DACL. For example, we modified DACL of AdminSDHolder [...]
kindly refer the following link as follow up :
https://ift.tt/2FENbnI
