Tag
Attackers can modify the msPKIAccountCredentials attribute in Active Directory user objects to abuse credential roaming, potentially overwriting files for privilege escalation, by injecting malicious credential objects.