MODIFYING SECURITY DESCRIPTORS
This is a Domain Persistence technique
MODIFYING SECURITY DESCRIPTORS FOR WMI-REMOTING
Needs Domain Admin privileges to modify the Security Descriptors
The default WMI namespace is Root/CIMV2
Specified user will be added to the Root/CIMV2 namespace of the Domain Controller
To get list of all WMI classes
Executing WMI queries on Domain Controller (HOST + RPCSS = WMI)
It can be used for persistence, to access WMI queries and It doesn't need special privileges anymore for the normal user to query it
MODIFYING SECURITY DESCRIPTORS FOR PS-REMOTING
Needs Domain Admin privileges to modify the Security Descriptors
(Ignore the "I/O Operation Error", In some case it might show)
Requires Logoff and Logon for the specific user to implement this change
Specified user will be granted privilege for PowerShell Remoting for Domain Controller
It can be used for persistence, to pass commands through PS-Remoting and It doesn't need special privileges anymore for the normal user
Last updated