
As Windows doesn't verify that the SIDs exist on the domain when an ACL is created, it's possible to insert a non-existent SID into any object's ACL we have privileges over. The main exploitation vector here is persistence. Threat actors with domain control can add permissions and privileges to future SIDs and regain a foothold by creating a user or computer account.

varonis.com/blog/synthetic-sid
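
A defender-side check for the condition the post describes, as an added example that is not part of the original post or the linked article: it walks the ACEs of one security descriptor in SDDL form and reports trustees that are SIDs of the local domain with no matching account. The domain SID, the RID inventory and the SDDL string are constructed sample values; in practice the inventory would come from a directory export.

```python
import re

# Constructed sample data (not from the post): a domain SID, the RIDs that
# actually exist in the directory, and one object's security descriptor in SDDL.
DOMAIN_SID = "S-1-5-21-1111111111-2222222222-3333333333"
KNOWN_RIDS = {1103, 1105, 1106}
SAMPLE_SDDL = (
    "O:DAG:DAD:(A;;GA;;;DA)"
    "(A;CI;GA;;;S-1-5-21-1111111111-2222222222-3333333333-1105)"
    "(A;CI;GA;;;S-1-5-21-1111111111-2222222222-3333333333-9999)"
    "(A;;RC;;;S-1-5-21-1111111111-2222222222-3333333333-1104)"
    "(A;;RP;;;S-1-5-11)"
)

ACE_RE = re.compile(r"\(([^()]*)\)")  # plain ACEs only; conditional ACEs nest parentheses
DOMAIN_SID_RE = re.compile(r"^(S-1-5-21-\d+-\d+-\d+)-(\d+)$")


def unresolved_trustees(sddl, domain_sid, known_rids):
    """Return ACEs whose trustee is a SID in our domain that matches no account."""
    highest = max(known_rids)
    findings = []
    for ace in ACE_RE.findall(sddl):
        fields = ace.split(";")
        if len(fields) < 6:
            continue
        match = DOMAIN_SID_RE.match(fields[5])
        if not match or match.group(1) != domain_sid:
            continue  # SDDL alias (DA, BA), well-known SID, or another domain
        rid = int(match.group(2))
        if rid < 1000 or rid in known_rids:
            continue  # built-in domain RIDs (500, 512, ...) or an existing account
        # Heuristic (assumption): a RID above every issued RID has never been
        # allocated, so the ACE was written for an account that does not exist yet.
        kind = "never-issued" if rid > highest else "orphaned"
        findings.append({"trustee": fields[5], "rights": fields[2], "kind": kind})
    return findings


if __name__ == "__main__":
    for finding in unresolved_trustees(SAMPLE_SDDL, DOMAIN_SID, KNOWN_RIDS):
        print(finding)
```

Entries reported as `orphaned` are commonly left behind by deleted accounts, so the `never-issued` ones are the higher-priority review items.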
