RID Hijacking: When Guests Become Admins

RID Hijacking: When Guests Become Admins

Securing Windows workstations and servers should be a priority for any organization; preventing a machine from getting compromised and being used to move laterally within an environment is a major concern. What happens when a machine is already compromised? A persistence method called ‘RID Hijacking’ is a way for an attacker to persist within your environment by granting the Guest account, or another local account, local administrator privileges by ‘hijacking’ the RID (relative identifier) of the Administrator account. Creating persistence…

Read More Read More

Start a Free StealthAUDIT® Trial!

No risk. No obligation.