[German]The takeover of a domain controller by stolen admin passwords is a popular approach of cyber criminals. I stumbled upon an article on Twitter, explaining where attackers could find passwords on SYSVOL and via GPO preferences.
I have no idea if and how this is relevant for administrators in this area – maybe it's an 'old hat', then igonore it. Otherwise it might be worth of reading it.
— DirectoryRanger (@DirectoryRanger) May 14, 2020
The details can be found in the article linked in the above tweet. Maybe it is helpful.
Cookies helps to fund this blog: Cookie settings