Improve discoverability of "Active Directory" attacks (#1544)

Clément Notin
2021-07-07 19:38:22 +02:00
committed by GitHub
parent 412b05ad26
commit 1a4c4a97d2
6 changed files with 17 additions and 16 deletions
+3 -3
@@ -1,10 +1,10 @@
attack_technique: T1003.006
display_name: "OS Credential Dumping: DCSync"
atomic_tests:
- name: DCSync
- name: DCSync (Active Directory)
auto_generated_guid: 129efd28-8497-4c87-a1b0-73b9a870ca3e
description: |
Attack allowing retrieval of account information without accessing memory or retrieving the NTDS database.
Active Directory attack allowing retrieval of account information without accessing memory or retrieving the NTDS database.
Works against a remote Windows Domain Controller using the replication protocol.
Privileges required: domain admin or domain controller account (by default), or any other account with required rights.
[Reference](https://adsecurity.org/?p=1729)
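Review bot: Renaming the test in the `- name:` line to "DCSync (Active Directory)" changes the string that any index, report or automation keyed on the test name will match, while `auto_generated_guid: 129efd28-8497-4c87-a1b0-73b9a870ca3e` stays the same. Please confirm that consumers reference this test by GUID rather than by name, and mention the rename in the commit description so downstream users can update name-based filters. The suffix "(Active Directory)" in the name and the "Active Directory attack" prefix in the description now say the same thing twice; that is acceptable for search purposes, but the same suffix format should be used in the other changed files so a single search term finds all of them.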
@@ -12,7 +12,7 @@ atomic_tests:
- windows
input_arguments:
domain:
description: Targeted domain
description: Targeted Active Directory domain
type: string
default: example.com
user:
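Review bot: The new `description: Targeted Active Directory domain` for the `domain` argument still does not say which form of the name is expected. The `default: example.com` suggests the DNS domain name rather than a NetBIOS name; stating that in the description (for example "Targeted Active Directory domain (DNS name)") would remove the ambiguity for someone running the test against a lab domain.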