Tag
high
advisory
AdminSDHolder SDProp Exclusion Added
3 rules, 1 TTP
Modification of the dsHeuristics attribute to exclude groups from SDProp in Active Directory can allow attackers to maintain persistent access to privileged accounts.
Active Directory
active-directory
persistence
adminsdholder
sdprop
high
advisory
AdminSDHolder Backdoor via Active Directory Modification
2 rules, 1 TTP
Detects modifications to the AdminSDHolder object in Active Directory, which attackers can abuse via the SDProp process to implement a persistent backdoor by manipulating permissions on protected accounts and groups to regain administrative privileges.
Active Directory
persistence
adminsdholder