GPO administrators better have moved to LAPS and removed the passwords from sysvol by now.
@gossithedog says “... This strikes me as important development in Trickbot...SYSVOL allows scheduled tasks to be pushed out to all workstations, and you can pull admin creds out of the XML files....This looks like further lateral movement development happening...”
No comments:
Post a Comment