Remapping NTDS entries to T1003.003

Wietze 2021-11-05 20:32:44 +00:00
parent 8257d60aad
commit df8c88f4ca
No known key found for this signature in database
GPG Key ID: E17630129FF993CF
3 changed files with 3 additions and 3 deletions


@ -9,7 +9,7 @@ Commands:
Usecase: Use diskshadow to exfiltrate data from VSS such as NTDS.dit
Category: Dump
Privileges: User
MitreID: T1218
MitreID: T1003.003
OperatingSystem: Windows server
- Command: diskshadow> exec calc.exe
Description: Execute commands using diskshadow.exe to spawn child process
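
Review bot: The unchanged `Privileges: User` directly above the MitreID line looks inconsistent now that this entry is mapped to T1003.003, because the other two NTDS entries in this commit list `Admin` and `Administrator`. If reading NTDS.dit through a shadow copy needs elevation here as well, update the field in the same change; if it really works as a standard user, say so in the entry so the difference is explained.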


@ -44,7 +44,7 @@ Commands:
Usecase: Copy/extract a locked file such as the AD Database
Category: Copy
Privileges: Admin
MitreID: T1003
MitreID: T1003.003
OperatingSystem: Windows 10, Windows 2016 Server, Windows 2019 Server
Full_Path:
- Path: C:\Windows\System32\esentutl.exe
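
Review bot: The Usecase in the context lines, "Copy/extract a locked file such as the AD Database", describes a generic locked-file copy with the AD database only as an example, while T1003.003 is the NTDS-specific sub-technique. Either reword the Usecase so it names the NTDS.dit extraction explicitly, or keep the parent T1003 for this command. As a style point, `Privileges: Admin` here and `Privileges: Administrator` in the ntdsutil entry should use one spelling.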


@ -9,7 +9,7 @@ Commands:
Usecase: Dumping of Active Directory NTDS.dit database
Category: Dump
Privileges: Administrator
MitreID: T1003
MitreID: T1003.003
OperatingSystem: Windows
Full_Path:
- Path: C:\Windows\System32\ntdsutil.exe
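
Review bot: `OperatingSystem: Windows` in the trailing context is broader than the Usecase it belongs to, since NTDS.dit only exists on domain controllers and the other two entries touched by this commit say "Windows server" or list server versions. Consider narrowing the field to Windows Server so the entry stays consistent with its T1003.003 mapping.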