{"id":14445,"date":"2020-05-17T00:12:00","date_gmt":"2020-05-16T22:12:00","guid":{"rendered":"http:\/\/159.69.82.204\/win\/?p=14445"},"modified":"2020-05-15T11:52:11","modified_gmt":"2020-05-15T09:52:11","slug":"sicherheit-admin-passwrter-in-windows-domains-finden","status":"publish","type":"post","link":"https:\/\/borncity.com\/win\/2020\/05\/17\/sicherheit-admin-passwrter-in-windows-domains-finden\/","title":{"rendered":"Security: Finding Passwords in Windows Domains"},"content":{"rendered":"<p><img loading=\"lazy\" decoding=\"async\" style=\"float: left; margin: 0px 10px 0px 0px; display: inline\" src=\"https:\/\/www.borncity.com\/blog\/wp-content\/uploads\/2015\/01\/Schutz.jpg\" width=\"40\" align=\"left\" height=\"47\">[<a href=\"https:\/\/www.borncity.com\/blog\/?p=231718\" target=\"_blank\" rel=\"noopener noreferrer\">German<\/a>]The takeover of a domain controller by stolen admin passwords is a popular approach of cyber criminals. I stumbled upon an article on Twitter, explaining where attackers could find passwords on SYSVOL and via GPO preferences. <\/p>\n<p><!--more--><\/p>\n<p>I have no idea if and how this is relevant for administrators in this area &#8211; maybe it's 'old hat', then ignore it. Otherwise it might be worth reading.<\/p>\n<blockquote class=\"twitter-tweet\">\n<p lang=\"en\" dir=\"ltr\">Finding Passwords in SYSVOL &amp; Exploiting Group Policy Preferences, by <a href=\"https:\/\/twitter.com\/PyroTek3?ref_src=twsrc%5Etfw\">@PyroTek3<\/a><a href=\"https:\/\/t.co\/d45cASXasa\">https:\/\/t.co\/d45cASXasa<\/a><\/p>\n<p>\u2014 DirectoryRanger (@DirectoryRanger) <a href=\"https:\/\/twitter.com\/DirectoryRanger\/status\/1260876823354839043?ref_src=twsrc%5Etfw\">May 14, 2020<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script> <\/p>\n<p>The details can be found in the article linked in the above tweet. Maybe it is helpful.
<\/p>\n","protected":false},"excerpt":{"rendered":"<p>[German]The takeover of a domain controller by stolen admin passwords is a popular approach of cyber criminals. I stumbled upon an article on Twitter, explaining where attackers could find passwords on SYSVOL and via GPO preferences.<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[580,2],"tags":[2443,69,194],"class_list":["post-14445","post","type-post","status-publish","format-standard","hentry","category-security","category-windows","tag-domain","tag-security","tag-windows"],"_links":{"self":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/14445","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/comments?post=14445"}],"version-history":[{"count":0,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/14445\/revisions"}],"wp:attachment":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/media?parent=14445"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/categories?post=14445"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/tags?post=14445"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}