One Day Sec

What tool can automatically detect DCSync backdoors and other privileged accounts in Active Directory?

ACLight (from CyberArk) is a tool that enumerates all Active Directory ACLs and flags privileged accounts, including those with DCSync permissions. It requires PowerShell v3.0 and domain user privileges, and it produces reports that identify 'Shadow Admins': privileged accounts that are not members of high-privilege groups.

---
**Related reading:**
- Domain Penetration - DCSync — original article