[1] [2] [3] to simulate the replication process from a remote domain controller using a technique called DCSync. Members of the Administrators, Domain Admins, and Enterprise Admin groups or computer accounts on the domain controller are able to run DCSync to pull password data[5] from Active Directory, which may include current and historical hashes of potentially useful accounts such as KRBTGT and Administrators.
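Products | Dependencies | Data sources | Access required | Protocol | Data collected | Notes |
---|---|---|---|---|---|---|
Tenable.ad | | Active Directory | Standard AD user | LDAP | Members and ACLs of users and groups | |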
Framework: MITRE ATT&CK
Family: Credential Access
Technique: OS Credential Dumping
Sub-Technique: DCSync
Platform: Windows
Products Required: Tenable.ad
Tenable Release Date: Q3 2022