Microsoft Deployment Toolkit: a quiet source of domain credentials

Microsoft Deployment Toolkit (MDT) is often used in corporate networks for automated Windows deployment, but when misconfigured it can become a source of credential exposure. Deployment shares often contain configuration files such as Bootstrap.ini and CustomSettings.ini, in which passwords for domain access or service accounts are stored.
The article also notes that sensitive data may be present in task sequence XML, unattend.xml, and scripts within the deployment folder. If permissions on the system are too broad, for example allowing access to domain users, an attacker can read these files, extract the credentials, and use them for privilege escalation up to domain level.
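For administrators who want to check their own deployment share for this exposure, the following audit sketch is an added example, not code from the article. It flags the standard MDT credential properties (UserID, UserDomain, UserPassword, DomainAdmin, DomainAdminDomain, DomainAdminPassword, AdminPassword) in Bootstrap.ini and CustomSettings.ini and reports secret values only as a redacted length. The sample content, host name and account name are constructed.

```python
import os
import re

# Standard MDT properties: secrets are redacted in the report, account names kept.
SECRET_KEYS = {"userpassword", "domainadminpassword", "adminpassword"}
ACCOUNT_KEYS = {"userid", "userdomain", "domainadmin", "domainadmindomain"}
TARGET_FILES = {"bootstrap.ini", "customsettings.ini"}
LINE_RE = re.compile(r"^\s*([A-Za-z0-9_]+)\s*=\s*(.*?)\s*$")

# Constructed sample of a Bootstrap.ini; none of these values are real.
SAMPLE = r"""[Default]
DeployRoot=\\mdt01.example.test\DeploymentShare$
; constructed values, not real credentials
UserID=svc_mdt
UserDomain=EXAMPLE
UserPassword=Placeholder123!
DomainAdminPassword=
"""

def audit_ini_text(text):
    """Return (section, key, line, kind, shown_value) for populated credential keys."""
    findings, section = [], None
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
            continue
        # Blank lines and ';' comments never match LINE_RE, so they are skipped here.
        m = LINE_RE.match(line)
        if not m or not m.group(2):
            continue
        key, value = m.group(1), m.group(2)
        if key.lower() in SECRET_KEYS:
            findings.append((section, key, lineno, "secret", f"<redacted, {len(value)} chars>"))
        elif key.lower() in ACCOUNT_KEYS:
            findings.append((section, key, lineno, "account", value))
    return findings

def audit_share(root):
    """Walk a deployment share and audit every Bootstrap.ini / CustomSettings.ini."""
    report = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in (f for f in files if f.lower() in TARGET_FILES):
            path = os.path.join(dirpath, name)
            with open(path, encoding="utf-8-sig", errors="replace") as fh:
                hits = audit_ini_text(fh.read())
            if hits:
                report[path] = hits
    return report
```

Any "secret" finding means a password is stored in clear text in a file that everyone with read access to the share can open, so the share ACL and the privileges of that account are the next things to review.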
Published
2026-05-20, 10:22