mirror of
https://github.com/LOLBAS-Project/LOLBAS
synced 2024-12-28 15:58:24 +01:00
Update Dsdbutil.yml
fixed linking?? removed extra ---
parent
3eb7625da4
commit
be19ab3d53
@ -2,7 +2,7 @@
|
|||||||
Name: dsdbutil.exe
|
Name: dsdbutil.exe
|
||||||
Description: Dsdbutil is a command-line tool that is built into Windows Server. It is available if you have the AD LDS server role installed. Can be used as a command line utility to export Active Directory.
|
Description: Dsdbutil is a command-line tool that is built into Windows Server. It is available if you have the AD LDS server role installed. Can be used as a command line utility to export Active Directory.
|
||||||
Aliases:
|
Aliases:
|
||||||
- Alias: dsDbUtil.exe # PE Original filename
|
---Alias: dsDbUtil.exe # PE Original filename
|
||||||
Author: Ekitji
|
Author: Ekitji
|
||||||
Created: 2023-05-31
|
Created: 2023-05-31
|
||||||
Commands:
|
Commands:
|
||||||
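Review bot: On the entry under `Aliases:`, one column of this hunk reads `- Alias: dsDbUtil.exe` and the other reads `---Alias: dsDbUtil.exe`, while the commit message says an extra `---` was removed. Please confirm the committed line is the list item `- Alias: dsDbUtil.exe # PE Original filename`, indented under `Aliases:`. A line starting with `---Alias:` is not a sequence entry, so a YAML parser would not read it as an item of the `Aliases:` list and the alias would be lost.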
@ -54,15 +54,15 @@ Detection:
|
|||||||
- IOC: Event ID 4656
|
- IOC: Event ID 4656
|
||||||
- IOC: Regular and Volume Shadow Copy attempts to read or modify ntds.dit
|
- IOC: Regular and Volume Shadow Copy attempts to read or modify ntds.dit
|
||||||
- Analysis:
|
- Analysis:
|
||||||
- Sigma:
|
- Sigma:
|
||||||
- Elastic:
|
- Elastic:
|
||||||
- Splunk:
|
- Splunk:
|
||||||
- BlockRule:
|
- BlockRule:
|
||||||
Resources:
|
Resources:
|
||||||
- Link: https://gist.github.com/bohops/88561ca40998e83deb3d1da90289e358
|
- Link: https://gist.github.com/bohops/88561ca40998e83deb3d1da90289e358
|
||||||
- Link: https://www.netwrix.com/ntds_dit_security_active_directory.html
|
- Link: https://www.netwrix.com/ntds_dit_security_active_directory.html
|
||||||
Acknowledgement:
|
Acknowledgement:
|
||||||
- Person: bohop
|
- Person: bohop
|
||||||
Handle: '@bohops'
|
Handle: '@bohops'
|
||||||
- Person: Ekitji
|
- Person: Ekitji
|
||||||
Handle: '@eki_erk'
|
Handle: '@eki_erk'
|
||||||
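Review bot: In the `Detection:` list, `- Analysis:`, `- Sigma:`, `- Elastic:`, `- Splunk:` and `- BlockRule:` have no values in either column, so the entry only provides the two `IOC` lines. Either fill these keys with rule links or remove the empty ones. The visible text of every line in this hunk is the same on both sides, so the change appears to be whitespace-only, which the commit message should state. Also check `Person: bohop` against `Handle: '@bohops'`, which looks like a dropped letter.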