Backup Operator accounts are ubiquitous and often overlooked by both blue and red teams. These accounts have abusable permissions and are rarely maintained properly. In this webinar, we will examine and demonstrate novel techniques to stealthily compromise Active Directory through the Backup Operator’s account. We will use the Backup Operator account to gain local Admin privilege, establish persistence, and pivot laterally throughout a domain. However, all is not lost in that we can further lockdown our systems and enable auditing measures to deter and detect these attacks
Presented by Dave Mayer, Head of the Red Team and Senior Security Consultant, InGuardians
Slides – The Backup Operators Guide to the Galaxy