all InfoSec news
SCCM Hierarchy Takeover
Security Boulevard securityboulevard.com
One Site to Rule Them All
tl;dr:
There is no security boundary between sites in the same hierarchy.
When an administrative user is granted a security role in SCCM, such as Full Administrator or Infrastructure Administrator, in any primary site, the underlying database changes propagate upward to the central administration site (CAS) and then to other primary sites in the hierarchy.
This means that if an attacker gains control of any primary site, they gain control of the entire …
administration configmgr database hierarchy infosec infrastructure pentesting red team role sccm security social engineering takeover