dMSA BadSuccessor

TL;DR: Windows Server 2025 delegated Managed Service Accounts let an attacker with write rights set msDS-ManagedAccountPrecededByLink to inherit any account, including DA (CVE-2025-53779).

Stub — to be filled in.

What it is

TODO

Preconditions / where it applies

TODO

Technique

TODO

Detection and defence

TODO

References

https://www.akamai.com/blog/security-research/abusing-dmsa-for-privilege-escalation-in-active-directory