An attacker with high privileges can obtain all the ingredients for generating the password of any gMSA in the domain at any time with two steps:
- Retrieve several attributes from the KDS root key in the domain
- Use the GoldenGMSA tool to generate the password of any gMSA associated with the key, without a privileged account.
Introducing the Golden GMSA Attack | Semperis
Or Yair, Security Researcher at SafeBreach Labs (Breach and Attack Simulation Platforms | New Solutions (safebreach.com)) explains why GMSAs present such a threat.
-
ISBuzz Team embodies the collaborative efforts of the dedicated staff at Information Security Buzz, converging a wide range of skills and viewpoints to present a unified, engaging voice in the information security realm. This entity isn't tied to a single individual; instead, it's a dynamic embodiment of a team diligently working behind the scenes to keep you updated and secure. When you read a post from ISBuzz Team, you're receiving the most relevant and actionable insights, curated and crafted by professionals tuned in to the pulse of the cybersecurity world. ISBuzz Team - your reliable compass in the fast-evolving landscape of information security