> For the complete documentation index, see [llms.txt](https://rootclay.gitbook.io/windows-access-control/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://rootclay.gitbook.io/windows-access-control/4.-ad-zhong-de-acl.md). # 4. AD中的ACL Active Directory(AD)对象安全描述符是一个尚未开发的攻击环境,攻击者和防御者都经常忽略它们。尽管AD安全描述符错误配置可以提供许多有助于提升域权限的路径,但它们也为隐蔽部署Active Directory持久性提供了独特的机会。通常很难确定特定的AD安全描述符错误配置是故意设置的还是偶然实现的。 随着人们对Golden1和Silver2 Kerberos票证的认识不断提高,行业开始意识到“无恶意软件”的持久性技术。也就是说,不涉及在系统上执行代码的持久性策略是为了保留将来对环境的访问。尽管Golden和Silver Kerberos票证攻击可以在环境中进行任何修改或提供代码执行的持久性,但存在另一种促进Active Directory持久性的途径。安全描述符持久性方法确实涉及对环境的某种类型的修改。但是,不需要执行代码,并且所做的更改通常会在操作系统和域功能级别升级后继续存在。这意味着Active Directory安全描述符的修改提供了一个极好的机会,可以以最小的痕迹在域中进行持久化。 --- # Agent Instructions This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com. ## Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://rootclay.gitbook.io/windows-access-control/4.-ad-zhong-de-acl.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.