Marco Zufferli’s Post

Over the last months I’ve been exploring how Active Directory Automation Scripts (e.g. Logon Script, Logoff Script, Startup Script, Shutdown Script and so on) can become powerful attack vectors for privilege escalation and persistence, which led me to define a dedicated classification for these issues called SMISC1–SMISC5 (Script MISConfigurations).

This research resulted in two things:

📘 Article: “Introducing ScriptScout: Transforming Smooth AD Automation Scripts into Attack Vectors” 🔗 https://lnkd.in/dyJzfykd

🐍 Python tool: ScriptScout, which automatically discovers these misconfiguration classes in Active Directory Automation Scripts. 🔗 https://lnkd.in/duCZEv-V

If you come up with new SMISC-style ideas, feel free to reach out, let’s do community & research together!

#redteam #cybersecurity #activedirectory #pentesting

Great article that explains in depth all the possible issues caused by GPO script misconfigurations

Great job Marco Zufferli!! Never seen anything like that! 🙌
