Guarding against DCSync attacks

Active Directory Credentials cyberattack Don't miss Expert analysis Hot stuff News Opinion Semperis threats

Gaining access to domain admin credentials is part of the endgame in many sophisticated attacks where threat actors are trying to maintain persistence. One of the ways that adversaries accomplish this is through DCSync attacks. What is a DCSync attack? A DCSync attack is a method where threat actors run processes that behave like a domain controller and use the Directory Replication Service (DRS) remote protocol to replicate AD information. The attack enables them to … More

The post Guarding against DCSync attacks appeared first on Help Net Security.

Source: help net