Hunting for APT28/Hafnium NTDS.dit Domain Controller Credential Harvesting [MITRE ATT&CK T1003.003]
Description
NTDS credential dumping [MITRE ATT&CK T1003.003] provides APT28, Hafnium, and several other attackers access to domain credentials for easy pivoting. This week’s #TechTalkTuesday explores ways to incorporate NTDS detection techniques into your threat-hunting efforts.