SyncLAPSPassword

Abuse Info

To abuse these privileges, use DirSync: Sync-LAPS -LDAPFilter ‘(samaccountname=TargetComputer$)’ For other optional parameters, view the DirSync documentation.

Opsec Considerations

Executing the attack will generate a 4662 (An operation was performed on an object) event at the domain controller if an appropriate SACL is in place on the target object.

References

https://github.com/simondotsh/DirSync
https://simondotsh.com/infosec/2022/07/11/dirsync.html

Get Started with BloodHound

Install a Data Collector

Collect Data

OpenGraph

Analyze Attack Path Data

Manage BloodHound

API & Integrations

Resources

Abuse Info

Opsec Considerations

References

Get Started with BloodHound

Install a Data Collector

Collect Data

OpenGraph

Analyze Attack Path Data

Manage BloodHound

API & Integrations

Resources

​Abuse Info

​Opsec Considerations

​References

Abuse Info

Opsec Considerations

References