Prevent domain users from querying Elevated Groups

One of our customers who had recently suffered a brutal cyber attack tasked us with finding a method to protect elevated groups from being queried for membership by their domain users. I said, “That’s very specific.” My customer just looked at me and began to describe their situation. In a nutshell, the attacker had delivered a payload to one of their users via email. With this payload, the attacker was able to execute commands and install software on the infected computer. As a “Domain User,” the attacker was able to query the “Domain Admins” group for its members. This information was ...