SCCMSecrets is an open-source tool that exploits SCCM policies, offering more than just NAA credential extraction.
SCCM policies are a key target for attackers in Active Directory environments, as they can expose sensitive technical information, including account credentials. Attackers may retrieve these credentials by impersonating a registered device with authenticated access or, in some cases, even from an unauthenticated position by exploiting misconfigurations in policy distribution.
SCCMSecrets provides a thorough approach to identifying and exploiting misconfigurations in SCCM policy distribution. It can be run with varying privilege levels and will attempt to expose any secret policies, collection variables, and package scripts hosted on distribution points.
Additionally, it can be configured to impersonate legitimate SCCM clients, allowing for lateral movement across device collections throughout the intrusion process.
SCCMSecrets is available for free download on GitHub.
Must read: