mirror of
https://github.com/LOLBAS-Project/LOLBAS
synced 2024-12-25 14:29:24 +01:00
Remapping NTDS entries to T1003.003
parent
8257d60aad
commit
df8c88f4ca
@ -9,7 +9,7 @@ Commands:
|
|||||||
Usecase: Use diskshadow to exfiltrate data from VSS such as NTDS.dit
|
Usecase: Use diskshadow to exfiltrate data from VSS such as NTDS.dit
|
||||||
Category: Dump
|
Category: Dump
|
||||||
Privileges: User
|
Privileges: User
|
||||||
MitreID: T1218
|
MitreID: T1003.003
|
||||||
OperatingSystem: Windows server
|
OperatingSystem: Windows server
|
||||||
- Command: diskshadow> exec calc.exe
|
- Command: diskshadow> exec calc.exe
|
||||||
Description: Execute commands using diskshadow.exe to spawn child process
|
Description: Execute commands using diskshadow.exe to spawn child process
|
||||||
|
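Review bot: the unchanged `Privileges: User` line in this diskshadow entry sits oddly beside the new `MitreID: T1003.003`, because the esentutl and ntdsutil entries remapped in the same commit list `Admin` and `Administrator` for the same NTDS.dit use case. Please confirm whether `User` is intended and correct it in this change if it is not. The `exec calc.exe` command that follows describes spawning a child process, not dumping NTDS.dit, so check that it keeps its own MitreID and is not swept into the remap.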
@ -44,7 +44,7 @@ Commands:
|
|||||||
Usecase: Copy/extract a locked file such as the AD Database
|
Usecase: Copy/extract a locked file such as the AD Database
|
||||||
Category: Copy
|
Category: Copy
|
||||||
Privileges: Admin
|
Privileges: Admin
|
||||||
MitreID: T1003
|
MitreID: T1003.003
|
||||||
OperatingSystem: Windows 10, Windows 2016 Server, Windows 2019 Server
|
OperatingSystem: Windows 10, Windows 2016 Server, Windows 2019 Server
|
||||||
Full_Path:
|
Full_Path:
|
||||||
- Path: C:\Windows\System32\esentutl.exe
|
- Path: C:\Windows\System32\esentutl.exe
|
||||||
|
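Review bot: with `MitreID: T1003.003` this esentutl entry becomes NTDS-specific, but its `Usecase` still reads "Copy/extract a locked file such as the AD Database" and its `Category` stays `Copy`, while the diskshadow and ntdsutil entries name NTDS.dit and use `Dump`. Suggest naming NTDS.dit in the Usecase so all three entries turn up in the same search, and settling on one category for the NTDS copies.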
@ -9,7 +9,7 @@ Commands:
|
|||||||
Usecase: Dumping of Active Directory NTDS.dit database
|
Usecase: Dumping of Active Directory NTDS.dit database
|
||||||
Category: Dump
|
Category: Dump
|
||||||
Privileges: Administrator
|
Privileges: Administrator
|
||||||
MitreID: T1003
|
MitreID: T1003.003
|
||||||
OperatingSystem: Windows
|
OperatingSystem: Windows
|
||||||
Full_Path:
|
Full_Path:
|
||||||
- Path: C:\Windows\System32\ntdsutil.exe
|
- Path: C:\Windows\System32\ntdsutil.exe
|
||||||
|
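Review bot: `Privileges: Administrator` in this ntdsutil entry and `Privileges: Admin` in the esentutl entry are two spellings of the same value; pick one across the remapped entries so filtering on the field works. `OperatingSystem: Windows` is also broader than the `Windows server` used in the diskshadow entry and is worth narrowing while the entry is being touched.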