Tag
high
advisory
Potential DMSA Abuse for Privilege Escalation
2 rules 1 TTPDetection of potential abuse of Default Message Security Agent (DMSA) for privilege escalation on Windows systems, based on registry modifications.
Windows
privilege-escalation
dmsa
2r
1t
high
advisory
Suspicious Domain Managed Service Account Creation by Unusual User
2 rules 1 TTPDetection of a Domain Managed Service Account (DMSA) creation event by a user that typically does not perform this administrative task, potentially indicating privilege escalation or account compromise.
Windows Server +1
privilege-escalation
active-directory
dmsa
2r
1t
medium
advisory
Creation of New DMSA Service Account Potentially Exploiting BadSuccessor Vulnerability
2 rules 2 TTPsThe creation of a new Delegated Managed Service Account (DMSA) within specific Organizational Units (OUs) using the New-ADServiceAccount cmdlet is indicative of potential BadSuccessor privilege escalation attempts in Windows Server 2025 Active Directory environments.
Windows Server +1
privilege-escalation
active-directory
bad-successor
dmsa
2r
2t