[German]The takeover of a domain controller by stolen admin passwords is a popular approach of cyber criminals. I stumbled upon an article on Twitter, explaining where attackers could find passwords on SYSVOL and via GPO preferences.
Advertising
I have no idea if and how this is relevant for administrators in this area – maybe it's an 'old hat', then igonore it. Otherwise it might be worth of reading it.
Finding Passwords in SYSVOL & Exploiting Group Policy Preferences, by @PyroTek3https://t.co/d45cASXasa
— DirectoryRanger (@DirectoryRanger) May 14, 2020
The details can be found in the article linked in the above tweet. Maybe it is helpful.
