The UnRightful Heir - My dMSA Is Your New Domain Admin

Name: The UnRightful Heir - My dMSA Is Your New Domain Admin
Description: Yuval Gordon, a security researcher at Akamai Technologies, presented a critical vulnerability in Windows Server's newest identity feature: Delegated Managed Service Accounts (dMSA). Introduced by Mic

Yuval Gordon

DEF CON 33 · Day 1 · Main Stage

Yuval Gordon, a security researcher at Akamai Technologies, presented a critical vulnerability in Windows Server's newest identity feature: Delegated Managed Service Accounts (dMSA). Introduced by Mic

AI review

Yuval Gordon demonstrates 'Bad Successor' — a low-privilege Active Directory attack leveraging a design flaw in the new dMSA feature to achieve full domain compromise and mass credential harvesting without a single Domain Admin right.

Watch on YouTube