特权提升防护 on 办公AI智能小助手 https://blog.qife122.com/tags/%E7%89%B9%E6%9D%83%E6%8F%90%E5%8D%87%E9%98%B2%E6%8A%A4/ Recent content in 特权提升防护 on 办公AI智能小助手 Hugo zh-cn qife Wed, 17 Sep 2025 09:21:46 +0800 启用msDS-KeyCredentialLink变更审计:防御影子凭据攻击的关键技术 https://blog.qife122.com/p/%E5%90%AF%E7%94%A8msds-keycredentiallink%E5%8F%98%E6%9B%B4%E5%AE%A1%E8%AE%A1%E9%98%B2%E5%BE%A1%E5%BD%B1%E5%AD%90%E5%87%AD%E6%8D%AE%E6%94%BB%E5%87%BB%E7%9A%84%E5%85%B3%E9%94%AE%E6%8A%80%E6%9C%AF/ Wed, 17 Sep 2025 09:21:46 +0800 https://blog.qife122.com/p/%E5%90%AF%E7%94%A8msds-keycredentiallink%E5%8F%98%E6%9B%B4%E5%AE%A1%E8%AE%A1%E9%98%B2%E5%BE%A1%E5%BD%B1%E5%AD%90%E5%87%AD%E6%8D%AE%E6%94%BB%E5%87%BB%E7%9A%84%E5%85%B3%E9%94%AE%E6%8A%80%E6%9C%AF/ <h1 id="启用msds-keycredentiallink变更审计">启用msDS-KeyCredentialLink变更审计</h1> <h2 id="技术背景">技术背景</h2> <p>标准审计配置不会记录对msDS-KeyCredentialLink属性的更改。这种审计缺失给安全调查带来重大挑战。通过TrustedSec的研究成果和OTRF(Open Threat Research Forge)开发的开源工具,我们现在能够有效监控这一关键属性的变更。</p>