Browsed by Tag: Persistence

What is Ntds.dit Password Extraction?

By stealing the Ntds.dit file – Active Directory’s database – an attacker can extract a copy of every user’s password hash and subsequently act as any user in the domain.


What is AdminSDHolder Modification?

Modifying the Access Control List (ACL) of the AdminSDHolder container in Active Directory enables an attacker to achieve and maintain persistence in an already compromised domain, even if an administrator finds and removes the attacker’s permission on a protected object the AdminSDHolder controls.


What is DCShadow?

DCShadow enables an attacker (using Mimikatz) to create a fake Active Directory Domain Controller (DC) that can replicate malicious changes to legitimate DCs.


What is the Golden Ticket Attack?

By obtaining the password hash for the most powerful service account in Active Directory – the KRBTGT account – an attacker is able to compromise every account within Active Directory, giving them unlimited and virtually undetectable access to any system connected to AD.