public-mirrors/LOLBAS
1
0
Fork 0
mirror of https://github.com/LOLBAS-Project/LOLBAS synced 2024-12-27 23:37:58 +01:00
Code Issues Projects Releases Wiki Activity

Update Dsdbutil.yml

Browse Source 
fixed linking?? removed extra ---
This commit is contained in:
Ekitji 2023-08-22 18:30:30 +02:00 committed by GitHub
parent 3eb7625da4
commit be19ab3d53
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 8 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
yml/OtherMSBinaries/Dsdbutil.yml
View File

@ -2,7 +2,7 @@
Name: dsdbutil.exe
Description: Dsdbutil is a command-line tool that is built into Windows Server. It is available if you have the AD LDS server role installed. Can be used as a command line utility to export Active Directory.
Aliases:
- Alias: dsDbUtil.exe # PE Original filename
---Alias: dsDbUtil.exe # PE Original filename
Author: Ekitji
Created: 2023-05-31
Commands:
@ -54,15 +54,15 @@ Detection:
- IOC: Event ID 4656
- IOC: Regular and Volume Shadow Copy attempts to read or modify ntds.dit
- Analysis:
- Sigma:
- Elastic:
- Splunk:
- Sigma:
- Elastic:
- Splunk:
- BlockRule:
Resources:
- Link: https://gist.github.com/bohops/88561ca40998e83deb3d1da90289e358
- Link: https://www.netwrix.com/ntds_dit_security_active_directory.html
Acknowledgement:
- Person: bohop
Handle: '@bohops'
- Person: Ekitji
Handle: '@eki_erk'
- Person: bohop
Handle: '@bohops'
- Person: Ekitji
Handle: '@eki_erk'