In days to come, I'll be helping organizations worldwide understand what constitutes a privileged user in Active Directory, how to correctly audit privileged access in Active Directory, and what the world's most important Active Directory security capability is.
Today though, I just wanted to ask a very simple and elemental cyber security multiple-choice question, so here it is -
Q. What are the minimum Active Directory Security Permissions that a perpetrator needs to be able to successfully run Mimikatz DCSync against an organization's foundational Active Directory deployment?
Is it -
A. The "Get Replication Changes" Extended Right
B. The "Get Replication Changes All" Extended Right
C. Both A and B above
D. Something else
I already know the answer to this simple question. I'm only asking because I believe that today every Domain Admin and every CISO at every organization that operates on Active Directory MUST know the answer to this question, and here's why.
You may be surprised if I were to share with you just how many Domain Admins and CISOs (at so many of the world's most prominent organizations) don't know even seem to know what Mimikatz DCSync is, let alone knowing the answer!
If you know the answer to this question, and care to share, please feel free to share it by leaving a comment below.