Blog Security Research BadSuccessor Is Dead, Long Live BadSuccessor(?) Yuval Gordon is a Security Researcher at Akamai. His research is focused on offensive security and identity-based attack vectors. Contents Executive summary What BadSuccessor was (pre-patch) Microsoft’s patch for CVE-2025-53779 What BadSuccessor is (post-patch) Primitive 1 — Credential and privilege acquisition (shadow credentials alternative) Primitive 2 — Targeted credentials dump in already-owned domains (DCSync alternative) How BadSuccessor exploitation can be detected after the patch Mitigation Conclusion A final note Executive summary Akamai researchers analyzed Microsoft’s patch for the vulnerability known as BadSuccessor ( CVE-2025-53779 ) to assess its effectiveness. We concluded that while the patch was effective in mitigating a significant part of the risk associated with BadSuccessor, the technique lives on and remains relevant in certain scenarios.…