Hunting for APT28/Hafnium NTDS.dit Domain Controller Credential Harvesting [MITRE ATT&CK T1003.003]


NTDS credential dumping [MITRE ATT&CK T1003.003] gives APT28, Hafnium, and several other attackers access to domain credentials for easy pivoting. This week’s #TechTalkTuesday explores ways to incorporate NTDS detection techniques into your threat-hunting efforts.
