Of course the VM is isolated. That's exactly the point of a VM.
An account inside a VM will only let you play in that VM.
Whereas your account on the host is available and automatically granted access to all machines, fileshares and services on the active directory network. If it got admin rights, then you've got admin pretty much everywhere.
“Whereas your account on the host is available and automatically granted access to all machines, fileshares and services on the active directory network. If it got admin rights, then you've got admin pretty much everywhere.”
Nonsense. You can have local admin rights that work only on one machine.
Nonsense, there are endless ways to escalate and pivot once you get local admin.
That being said, there are indeed restrictions that can and should be set on admin rights. Not that IT would know about it or that it would limit pivoting much.
Let's assume for the sake of discussion that to do what I need to do, I not only need to install the program that requires privileges, I also need a few of my company network drives mapped, access to some company systems, internet access and so on.