DNSAdmins exploitation is an attack that allows members of the DNSAdmins group to take over control of a Domain Controller running the Microsoft DNS service. A member of the DNSAdmins group has rights to perform administrative tasks on the Active Directory DNS service. Attackers can abuse these rights to execute malicious code in a highly privileged context.

See Also

Abusing DNSAdmins privilege for escalation in Active Directory

Hunting DNS Server Level Plugin dll injection

Micropatch For Remote Code Execution by DNS Administrators (CVE-2021-40469)

Indicator Details

Name: DnsAdmins Exploitation

Codename: I-DnsAdmins

Severity: High

MITRE ATT&CK Information:
ID: T1055.001
Sub-technique of: T1055
Tactic: TA0004