mirror of
https://github.com/mukul975/Anthropic-Cybersecurity-Skills.git
synced 2026-07-05 23:38:57 +03:00
27 lines
995 B
Markdown
27 lines
995 B
Markdown
# Standards and References - DCSync Domain Persistence
|
|
|
|
## MITRE ATT&CK References
|
|
|
|
| Technique ID | Name | Tactic |
|
|
|-------------|------|--------|
|
|
| T1003.006 | OS Credential Dumping: DCSync | Credential Access |
|
|
| T1558.001 | Steal or Forge Kerberos Tickets: Golden Ticket | Credential Access |
|
|
| T1222.001 | File and Directory Permissions Modification | Defense Evasion |
|
|
| T1098 | Account Manipulation | Persistence |
|
|
| T1078.002 | Valid Accounts: Domain Accounts | Persistence |
|
|
|
|
## Key Research
|
|
|
|
- MITRE ATT&CK T1003.006: https://attack.mitre.org/techniques/T1003/006/
|
|
- Netwrix: DCSync Attack Using Mimikatz Detection
|
|
- JumpCloud: What Is DCSync? Critical AD Attack Explained
|
|
- The Hacker Recipes: DCSync technique documentation
|
|
- Atomic Red Team T1003.006 test procedures
|
|
|
|
## Threat Actor Usage
|
|
|
|
- APT28 (Fancy Bear) - DCSync for credential harvesting
|
|
- APT29 (Cozy Bear) - SolarWinds campaign used DCSync
|
|
- FIN6 - Financial cybercrime group
|
|
- Wizard Spider - Ryuk ransomware campaigns
|