Who Let The Dogs Out 🐾Oct 19

πŸ”‘ Golden DMSA

#ad #windows #vulnerability #dmsa #kerberos #persistence

Critical vulnerability in Windows Server 2025 allows attackers with KDS root key access to generate passwords for all dMSA/gMSA accounts forest-wide. New research reveals design flaw in ManagedPasswordId structure - only 1,024 possible combinations makes brute-force trivial.

πŸ”— Research:
https://www.semperis.com/blog/golden-dmsa-what-is-dmsa-authentication-bypass/

πŸ”— Source:
https://github.com/Semperis/GoldenDMSA

MathieuBMay 23, 2025
#BadSuccessor: Abusing #dMSA to Escalate Privileges in Active Directory
https://www.akamai.com/blog/security-research/abusing-dmsa-for-privilege-escalation-in-active-directory
KSev πŸ‡³πŸ‡΄πŸŒ»πŸš²May 21, 2025

"While we appreciate Microsoft’s response, we respectfully disagree with the severity assessment."

BadSuccessor: Abusing dMSA to Escalate Privileges in Active Directory

#dMSA #ActiveDirectory #WindowsServer2025
https://www.akamai.com/blog/security-research/abusing-dmsa-for-privilege-escalation-in-active-directory#mitigation

Nicola FerriniSep 30, 2024

Active Directory Managed Service Accounts – sMSA, gMSA e dMSA

https://www.ictpower.it/sistemi-operativi/active-directory-managed-service-accounts-smsa-gmsa-e-dmsa.htm

#ActiveDirectory #Security #Cybersecurity #ManagedServiceAccounts #ITPro #gMSA #dMSA #ICTPower

Steve EmanuelsonSep 29, 2024
Thought I had a good plan for service accounts in my #ActiveDirectory domain by migrating to #dMSA but learned that each managed server must be running #Windows2025 So instead of migrating service accounts this year, it might be 3 or 4 years from now.
Steve EmanuelsonJan 28, 2024
I was not even keeping up to date with #ActiveDirectoryNext but I stumbled upon a few posts and discussions about it. Wow! I'm ready to implement #dMSA yesterday. What a fantastic option to address all of those legacy application service accounts that love to use insecure configurations. #ActiveDirectory