From 4bef10b147b3af50175f205266ea69cb87623c41 Mon Sep 17 00:00:00 2001 From: Oddvar Moe Date: Mon, 16 Mar 2020 20:10:17 +0100 Subject: [PATCH] adjusted rasautou and removed ntdsutil --- yml/OtherMSBinaries/Ntdsutil.yml | 26 -------------------------- 1 file changed, 26 deletions(-) delete mode 100644 yml/OtherMSBinaries/Ntdsutil.yml diff --git a/yml/OtherMSBinaries/Ntdsutil.yml b/yml/OtherMSBinaries/Ntdsutil.yml deleted file mode 100644 index 52d11df..0000000 --- a/yml/OtherMSBinaries/Ntdsutil.yml +++ /dev/null @@ -1,26 +0,0 @@ ---- -Name: ntdsutil.exe -Description: Command line utility used to export Actove Directory. -Author: 'Tony Lambert' -Created: '2020-01-10' -Commands: - - Command: ntdsutil.exe “ac i ntds” “ifm” “create full c:\” q q - Description: Dump NTDS.dit into folder - Usecase: Dumping of Active Directory NTDS.dit database - Category: Dump - Privileges: Administrator - MitreID: T1003 - MitreLink: https://attack.mitre.org/wiki/Technique/T1003 - OperatingSystem: Windows -Full_Path: - - Path: C:\Windows\System32\ntdsutil.exe -Code_Sample: - - Code: -Detection: - - IOC: ntdsutil.exe with command line including "ifm" -Resources: - - Link: https://adsecurity.org/?p=2398#CreateIFM -Acknowledgement: - - Person: Sean Metcalf - Handle: '@PyroTek3' ----
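Review bot: The subject says "adjusted rasautou and removed ntdsutil", but the diffstat lists only yml/OtherMSBinaries/Ntdsutil.yml (1 file changed, 26 deletions), so no rasautou change is part of this patch. Either correct the subject or put the rasautou adjustment in its own commit so the history matches the diff. The message also gives no reason for the deletion. Dropping the file removes the Detection entry (IOC: ntdsutil.exe with command line including "ifm") and the adsecurity.org reference. The commit body should say whether the entry is superseded elsewhere or judged out of scope, so anyone relying on that IOC knows where it went. If the entry is re-added later, note that the deleted text had a typo in the Description ("Actove Directory") and typographic quotes (“ ”) in the Command line, which a Windows command prompt does not treat as quoting characters. Both should be fixed at that point.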