"Property Set" is a Microsoft Active Directory (AD) feature that facilitates the creation of permissions (Access Control Lists, or ACLs) for AD objects and enhances system performance. It serves as a mechanism for consolidating multiple attributes within a single AD entity, which allows the system to reference them collectively within ACLs rather than referencing each attribute separately.
This Indicator of Exposure aims to ensure that no misconfigurations or backdoors left by malicious actors are present in this type of object or in the attributes within the AD schema.
Currently, there are no known public attack vectors associated with the use of property sets. Therefore, you should focus primarily on addressing misconfigurations or peculiarities stemming from third-party products that use this feature.
Misconfigurations of property sets can significantly impact the security of Active Directory. Hence, it is crucial to monitor and review them.
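To review which attributes each property set groups, the read-only query below lists them side by side; it is an added example, not part of the original indicator or any vendor tooling. It assumes the RSAT ActiveDirectory module and read access to the schema and configuration partitions, and relies on property sets being `controlAccessRight` objects with `validAccesses` = 48 that attributes join through `attributeSecurityGUID`.

```powershell
Import-Module ActiveDirectory

$rootDse  = Get-ADRootDSE
$configNC = $rootDse.configurationNamingContext
$schemaNC = $rootDse.schemaNamingContext

# Property sets are controlAccessRight objects whose validAccesses is 48
# (read property 0x10 + write property 0x20). Index them by rightsGuid.
$propertySets = @{}
Get-ADObject -SearchBase "CN=Extended-Rights,$configNC" `
    -LDAPFilter '(&(objectClass=controlAccessRight)(validAccesses=48))' `
    -Properties rightsGuid, displayName |
    ForEach-Object {
        $propertySets[([guid]$_.rightsGuid).ToString()] = $_.displayName
    }

# An attribute belongs to a property set when its attributeSecurityGUID
# (stored as a binary GUID) equals the set's rightsGuid.
$members = Get-ADObject -SearchBase $schemaNC `
    -LDAPFilter '(&(objectClass=attributeSchema)(attributeSecurityGUID=*))' `
    -Properties lDAPDisplayName, attributeSecurityGUID, whenChanged |
    ForEach-Object {
        $bytes = [byte[]]$_.attributeSecurityGUID
        $guid  = (New-Object System.Guid -ArgumentList (,$bytes)).ToString()
        $name  = if ($propertySets.ContainsKey($guid)) {
                     $propertySets[$guid]
                 } else {
                     # Attribute points at a GUID with no property set object
                     '<no matching property set>'
                 }
        [pscustomobject]@{
            PropertySet     = $name
            PropertySetGuid = $guid
            Attribute       = $_.lDAPDisplayName
            WhenChanged     = $_.whenChanged
        }
    }

# One row per attribute, grouped by the property set that covers it
$members | Sort-Object PropertySet, Attribute | Format-Table -AutoSize
```

Comparing this output against a baseline taken from a known-good forest of the same schema version makes additions from third-party products or unexpected changes stand out.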
Creating a Control Access Right
Windows Server Active Directory schema updates
Abusing forgotten permissions on computer objects in Active Directory
Name: Property Sets Integrity
Codename: C-PROP-SET-SANITY
Severity: Medium