How the new Security Questions feature in Windows 10 can be used as a backdoor to establish domain-wide persistence
In April 2018, Microsoft introduced a security questions feature to enable password recovery in Windows 10. This feature allows a user to regain access to a local account by providing “correct” answers to a series of questions—questions of the sort we all know, such as “What was your first pet’s name?” and “What was your childhood nickname?”