Look for GlobalNames zone

TrimarcJake / BlueTuxedo

A tiny tool to find and fix common misconfigurations in Active Directory-integrated DNS

Other

99 stars 7 forks source link

Look for GlobalNames zone #5

Open TrimarcJake opened 1 year ago

TrimarcJake commented 1 year ago

Allows for single-name domains. Dangerous af.

See: https://learn.microsoft.com/en-us/previous-versions/technet-magazine/cc137727(v=msdn.10)

SamErde commented 1 year ago

Would love to hear an estimation of how often you seen these in your engagements, and what risks you see resulting from the use of them. It's not hard to imagine that they could be abused, but I haven't dug into the idea at all.

TrimarcJake commented 1 year ago

Gotta start collecting this data on engagements first! (How to be doing this by year's end.)