Dangerous Rights in the AD Schema

high

Description

The Active Directory schema is the basis for creating objects and attributes, and you must approach any schema modifications with caution.

Solution

To assess the potential risk and true intention of a configuration change, investigate a classSchema object with a hazardous defaultSecurityDescriptor attribute.
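One way to carry out that review offline, as an added example that is not part of the original page or of the product's own detection logic: a classSchema object's defaultSecurityDescriptor is an SDDL string applied to newly created objects of that class, so the sketch below parses its DACL and reports allow ACEs that give broad trustees write-level rights. The trustee and rights lists, the function names and the sample SDDL strings are assumptions constructed for illustration.

```python
import re

# Assumption: trustees treated as "broad" (SDDL aliases and well-known SIDs).
BROAD_TRUSTEES = {
    "WD": "Everyone", "S-1-1-0": "Everyone",
    "AN": "Anonymous Logon", "S-1-5-7": "Anonymous Logon",
    "AU": "Authenticated Users", "S-1-5-11": "Authenticated Users",
    "DU": "Domain Users", "DC": "Domain Computers",
}
# Assumption: rights treated as hazardous, with their access-mask bits.
DANGEROUS_RIGHTS = {"GA": 0x10000000, "GW": 0x40000000,
                    "WD": 0x00040000, "WO": 0x00080000, "WP": 0x00000020}

def audit_default_sd(class_name, sddl):
    """Return one finding per allow ACE granting a hazardous right to a broad trustee."""
    findings = []
    # DACL = "D:", optional flags (e.g. PAI), then the ACE list; the SACL ("S:") is excluded.
    dacl = re.search(r"D:[A-Z]*((?:\([^()]*\))+)", sddl or "")
    if not dacl:
        return findings
    for ace in re.findall(r"\(([^()]*)\)", dacl.group(1)):
        fields = ace.split(";")
        if len(fields) < 6:
            continue  # malformed ACE, skip
        ace_type, _flags, rights, obj_guid, _inherit, trustee = fields[:6]
        if ace_type not in ("A", "OA") or trustee not in BROAD_TRUSTEES:
            continue
        if rights.lower().startswith("0x"):  # rights given as a hex access mask
            mask = int(rights, 16)
            hits = sorted(r for r, bit in DANGEROUS_RIGHTS.items() if mask & bit)
        else:  # rights given as concatenated two-letter codes
            hits = sorted(t for t in set(re.findall("..", rights)) if t in DANGEROUS_RIGHTS)
        if hits:
            findings.append({"class": class_name, "trustee": BROAD_TRUSTEES[trustee],
                             "rights": hits, "scope": obj_guid or "all"})
    return findings

def audit_schema(classes):
    """classes: mapping of classSchema name -> defaultSecurityDescriptor SDDL."""
    return [f for name, sddl in classes.items() for f in audit_default_sd(name, sddl)]

# Constructed sample values, not taken from a real schema export.
SAMPLES = {
    "constructedBenign": "D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPLCLORC;;;AU)",
    "constructedTampered": "O:DAG:DAD:(A;;RPLCLORC;;;AU)(A;CI;GA;;;WD)S:(AU;SA;WDWO;;;WD)",
    "constructedHexMask": "D:(A;;0xf01ff;;;S-1-5-11)",
}

if __name__ == "__main__":
    for finding in audit_schema(SAMPLES):
        print(finding)
```

Feed it the name and defaultSecurityDescriptor of each classSchema object exported from the schema partition, then compare any finding against the change history to decide whether the modification was intended.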

See Also

About the Active Directory Schema

Default Security Descriptor

Indicator Details

Name: Dangerous Rights in the AD Schema

Codename: C-ABNORMAL-ENTRIES-IN-SCHEMA

Severity: High

MITRE ATT&CK Information:

Tactics: TA0003

Techniques: T1098