Update Dsdbutil.yml

2025-11-04 02:29:34 +01:00 · 2023-06-08 01:07:25 +03:00
parent 1a3ada3984
commit 3eb7625da4
1 changed files with 4 additions and 4 deletions
--- a/yml/OtherMSBinaries/Dsdbutil.yml
+++ b/yml/OtherMSBinaries/Dsdbutil.yml
@@ -11,28 +11,28 @@ Commands:
    Usecase: Snapshoting of Active Directory NTDS.dit database
    Category: Dump
    Privileges: Administrator
-    MitreID: T1003.003: NTDS
+    MitreID: T1003.003
    OperatingSystem: Windows Server 2012, Windows Server 2016, Windows Server 2019
  - Command: dsdbutil.exe "activate instance ntds" "snapshot" "mount {GUID}" "quit" "quit"
    Description: Mounting the snapshot with its GUID
    Usecase: Mounting the snapshot to access the ntds.dit with copy c:\[Snap Volume]\windows\ntds\ntds.dit c:\users\administrator\desktop\ntds.dit.bak
    Category: Dump
    Privileges: Administrator
-    MitreID: T1003.003: NTDS
+    MitreID: T1003.003
    OperatingSystem: Windows Server 2012, Windows Server 2016, Windows Server 2019
  - Command: dsdbutil.exe "activate instance ntds" "snapshot" "delete {GUID}" "quit" "quit"
    Description: Deletes the mount of the snapshot
    Usecase: Deletes the snapshot
    Category: Dump
    Privileges: Administrator
-    MitreID: T1003.003: NTDS
+    MitreID: T1003.003
    OperatingSystem: Windows Server 2012, Windows Server 2016, Windows Server 2019
  - Command: dsdbutil.exe "activate instance ntds" "snapshot" "create" "list all" "mount 1" "quit" "quit"
    Description: Mounting with snapshot identifier
    Usecase: Mounting the snapshot identifier 1 and accessing it with with copy c:\[Snap Volume]\windows\ntds\ntds.dit c:\users\administrator\desktop\ntds.dit.bak
    Category: Dump
    Privileges: Administrator
-    MitreID: T1003.003: NTDS
+    MitreID: T1003.003
    OperatingSystem: Windows Server 2012, Windows Server 2016, Windows Server 2019
  - Command: dsdbutil.exe "activate instance ntds" "snapshot" "list all" "delete 1" "quit" "quit"
    Description: Deletes the mount of the snapshot