Applies to BloodHound Enterprise and CE

Abuse Info

To abuse these privileges, use DirSync: Sync-LAPS -LDAPFilter ‘(samaccountname=TargetComputer$)’ For other optional parameters, view the DirSync documentation.

Opsec Considerations

Executing the attack will generate a 4662 (An operation was performed on an object) event at the domain controller if an appropriate SACL is in place on the target object.

References