Active Directory Members Only

AdminSDHolder & SDProp Abuse

AdminSDHolder is an AD object that acts as a template for the ACLs of all protected accounts. SDProp runs every 60 minutes and overwrites the ACLs of every protected group member with a copy of the AdminSDHolder ACL. Backdoor AdminSDHolder once, and your ACE propagates to every DA, EA, and Schema Admin automatically — forever.

Related Articles

Related Cheatsheets

4
active-directory

Responder — LLMNR/NBT-NS Poisoning

Responder poisons LLMNR, NBT-NS, and mDNS to capture NTLMv2 hashes from Windows hosts on t…

169 views
active-directory

NetExec (CrackMapExec) — AD Lateral Movement

NetExec (nxc) — the Swiss Army knife for Windows/AD lateral movement, credential spraying,…

150 views
active-directory

Impacket — Windows & Active Directory Attacks

Impacket Python library with tools for SMB, MSRPC, Kerberos, NTLM, WMI, and AD attacks.

150 views
network-pentest

Nmap — Network Scanning & Enumeration

Complete Nmap reference for host discovery, port scanning, service detection, and NSE scri…

135 views

Related Courses

3
⭐ Premium
Intermediate

Network Penetration Testing

From host discovery to Active Directory attacks

3 · 8.2h
Beginner

Networking Fundamentals for Pentesters

Understand how networks actually work — so you can break them. TCP/IP, routing, protocols,…

1 · 5.9h
⭐ Premium
Intermediate

Windows Privilege Escalation — Complete Course

From whoami /priv to NT AUTHORITY\SYSTEM — every technique, tool, and HTB/THM/PG practice …

1 · 8.0h