Files
Anthropic-Cybersecurity-Skills/skills/conducting-domain-persistence-with-dcsync/references/standards.md
T

27 lines
995 B
Markdown

# Standards and References - DCSync Domain Persistence
## MITRE ATT&CK References
| Technique ID | Name | Tactic |
|-------------|------|--------|
| T1003.006 | OS Credential Dumping: DCSync | Credential Access |
| T1558.001 | Steal or Forge Kerberos Tickets: Golden Ticket | Credential Access |
| T1222.001 | File and Directory Permissions Modification | Defense Evasion |
| T1098 | Account Manipulation | Persistence |
| T1078.002 | Valid Accounts: Domain Accounts | Persistence |
## Key Research
- MITRE ATT&CK T1003.006: https://attack.mitre.org/techniques/T1003/006/
- Netwrix: DCSync Attack Using Mimikatz Detection
- JumpCloud: What Is DCSync? Critical AD Attack Explained
- The Hacker Recipes: DCSync technique documentation
- Atomic Red Team T1003.006 test procedures
## Threat Actor Usage
- APT28 (Fancy Bear) - DCSync for credential harvesting
- APT29 (Cozy Bear) - SolarWinds campaign used DCSync
- FIN6 - Financial cybercrime group
- Wizard Spider - Ryuk ransomware campaigns