Skeleton Key
Skeleton key is a persistence technique where it is possible to inject malware to the Domain Controller LSASS process so that it allows access as any user with a single password.
Important to know:
Require Domain Admin privileges
Skeleton Key is not persistent across reboots
Skeleton Key is not opsec safe and is also known to cause issues with AD CS
Inject a skeleton key
Access any machine
LSASS running as a protected process
In case Lsass is running as a protected process, we can still use Skeleton Key but it needs the mimikatz driver (mimidriv.sys) on disk of the target DC
more detailed
Last updated