
AD Connect Server Hack: Backdoor Password Vulnerability Explained #shorts

BSides Frankfurt | 0:24 | 584 views | Published 2026-03
About this talk
What happens if an AD Connect server is compromised? Attacker patches logon functions to enable backdoor access with a 'banana' password. Remote login to any account becomes possible. #ADSecurity #CyberSecurity #Hacking #NetworkSecurity #InfoSec
Transcript [en]

What could possibly go wrong in this setup if someone compromises that AD Connect server? Well, there are some, like AADInternals, as an implementation for this, and there are multiple ways to do it, but essentially you can patch the LogonUserW function and say something like, you know, I don't care about the username, but if the password is banana, then say that the login is successful. And then you have a backdoor password you can log into whatever account you want.