SID-History Injection - T1134.005
(ATT&CK® Technique)
Definition
Adversaries may use SID-History Injection to escalate privileges and bypass access controls. The Windows security identifier (SID) is a unique value that identifies a user or group account. SIDs are used by Windows security in both security descriptors and access tokens. An account can hold additional SIDs in the SID-History Active Directory attribute, allowing inter-operable account migration between domains (e.g., all values in SID-History are included in access tokens).
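Because every SID-History value ends up in the access token, a defender can audit the attribute directly. The following is an added example, not part of the D3FEND or ATT&CK page: it decodes binary SIDs as stored in `objectSid` and `sIDHistory` and flags values that carry a well-known privileged RID or that belong to the account's own domain. Both heuristics, the record layout, and the sample domain identifiers are assumptions made for illustration.

```python
import struct

# Well-known privileged RIDs (domain-relative) and the builtin Administrators SID.
PRIVILEGED_RIDS = {500: "Administrator", 512: "Domain Admins", 518: "Schema Admins", 519: "Enterprise Admins"}
BUILTIN_ADMINS = "S-1-5-32-544"


def sid_to_str(raw: bytes) -> str:
    """Decode a binary SID as stored in objectSid / sIDHistory."""
    if len(raw) < 8:
        raise ValueError("SID too short")
    revision, count = raw[0], raw[1]
    if len(raw) != 8 + 4 * count:
        raise ValueError("SID length does not match sub-authority count")
    authority = int.from_bytes(raw[2:8], "big")   # 48-bit, big-endian
    subs = struct.unpack(f"<{count}I", raw[8:])   # 32-bit, little-endian
    return "-".join(["S", str(revision), str(authority), *map(str, subs)])


def audit_sid_history(accounts):
    """Return (name, sid, reason) for each suspicious sIDHistory value."""
    findings = []
    for acct in accounts:
        own_domain = sid_to_str(acct["objectSid"]).rsplit("-", 1)[0]
        for raw in acct.get("sIDHistory", []):
            sid = sid_to_str(raw)
            domain, _, rid = sid.rpartition("-")
            if sid == BUILTIN_ADMINS or int(rid) in PRIVILEGED_RIDS:
                findings.append((acct["name"], sid, "privileged SID"))
            elif domain == own_domain:
                # A genuine migration brings SIDs from a different domain.
                findings.append((acct["name"], sid, "same-domain SID"))
    return findings


def make_sid(*subs):
    """Build a constructed binary SID under authority 5 (NT Authority)."""
    return bytes([1, len(subs)]) + (5).to_bytes(6, "big") + struct.pack(f"<{len(subs)}I", *subs)


# Constructed sample data; the domain identifiers are made up.
DOM_A = (21, 1111, 2222, 3333)
DOM_B = (21, 4444, 5555, 6666)
SAMPLE = [
    {"name": "migrated", "objectSid": make_sid(*DOM_A, 1105), "sIDHistory": [make_sid(*DOM_B, 1410)]},
    {"name": "helpdesk", "objectSid": make_sid(*DOM_A, 1106), "sIDHistory": [make_sid(*DOM_A, 512)]},
    {"name": "svc-web", "objectSid": make_sid(*DOM_A, 1107), "sIDHistory": [make_sid(*DOM_A, 1105)]},
    {"name": "plain", "objectSid": make_sid(*DOM_A, 1108)},
]
```

On the constructed sample, `audit_sid_history(SAMPLE)` leaves the cross-domain `migrated` account alone and reports `helpdesk` and `svc-web`.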