 |
สำนักงานพัฒนาธุรกรรมทางอิเล็กทรอนิกส์ Electronic Transactions Development Agency |
|
สำนักงานพัฒนาธุรกรรมทางอิเล็กทรอนิกส์ Electronic Transactions Development Agency |
Tool: DCSync| Names | DCSync | |
| Category | Malware | |
| Type | Credential stealer | |
| Description | (Stealthbits) DCSync is a late-stage kill chain attack that allows an attacker to simulate the behavior of Domain Controller (DC) in order to retrieve password data via domain replication. Once an attacker has access to a privileged account with domain replication rights, the attacker can utilize replication protocols to mimic a domain controller. DCSync itself is a command within Mimikatz and relies on utilizing specific commands within the Microsoft Directory Replication Service Remote Protocol (MS-DRSR) to simulates the behavior of a domain controller and asks other domain controllers to replicate information by using the Directory Replication Service Remote Protocol (MS-DRSR). Utilizing these protocols, this attack takes advantage of valid and necessary functions of Active Directory, which cannot be turned off or disabled. | |
| Information | <https://blog.stealthbits.com/what-is-dcsync-an-introduction/> | |
Last change to this tool card: 20 April 2020
Download this tool card in JSON format
| Changed | Name | Country | Observed | ||
APT groups | |||||
 | ↳ Subgroup: Scattered Spider | [Unknown] | 2022-Jan 2024  | ||
| Calypso |  | 2016-Aug 2021 | |||
| Mustang Panda, Bronze President | | 2012-Mar 2024 | ||
3 groups listed (3 APT, 0 other, 0 unknown)
|
Digital Service Security Center Follow us on
|
Report incidents |
|
 |
+66 (0)2-123-1227 | |
 |
[email protected] | |