Detections
Analytics
DnsAdmins Exploitation
high
Language:
Description
DNSAdmins exploitation is an attack that allows members of the DNSAdmins group to take over control of a Domain Controller running the Microsoft DNS service. A member of the DNSAdmins group has rights to perform administrative tasks on the Active Directory DNS service. Attackers can abuse these rights to execute malicious code in a highly privileged context.
See Also
Abusing DNSAdmins privilege for escalation in Active Directory
Hunting DNS Server Level Plugin dll injection
Micropatch For Remote Code Execution by DNS Administrators (CVE-2021-40469)