DCSync - what it is and what we do
- Published: Dec 3, 2024
- In this video, the speaker discusses the DCSync attack technique, which involves extracting password hashes from Active Directory. They clarify that the permissions required for this attack are not limited to administrators, but can also be granted to other accounts, such as Azure AD Connect accounts. The speaker recommends removing unnecessary accounts with this permission to mitigate the risk. They also mention the importance of monitoring for any irregular domain replication activity and using tools like Security Guardian to identify accounts with the ability to extract password hashes.
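
One way to monitor for irregular domain replication activity, as an added example that is not from the video: it scans directory-access audit records for the replication extended rights and reports any requester that is not an expected replication account. Using Windows Security event 4662 as the log source is an assumption (the description names no event), and the account names, allowlist and sample events are constructed.

```python
# Added example: flag directory replication requests from unexpected accounts.
# Events are constructed; field names follow Windows Security event 4662.

# Replication control access right GUIDs (defined by the AD schema).
REPLICATION_RIGHTS = {
    "1131f6aa-9c07-11d1-f79f-00c04fc2dcd2": "DS-Replication-Get-Changes",
    "1131f6ad-9c07-11d1-f79f-00c04fc2dcd2": "DS-Replication-Get-Changes-All",
    "89e95b76-444d-4c62-991a-0facbeda640c": "DS-Replication-Get-Changes-In-Filtered-Set",
}

# Assumption: the accounts expected to replicate in this constructed domain
# (two domain controllers and one Azure AD Connect sync account).
EXPECTED_REPLICATORS = {"DC01$", "DC02$", "MSOL_0123456789ab"}

GC = "{1131f6aa-9c07-11d1-f79f-00c04fc2dcd2}"
GCA = "{1131f6ad-9c07-11d1-f79f-00c04fc2dcd2}"
SAMPLE_EVENTS = [  # constructed audit records
    {"EventID": 4662, "Time": "2024-12-03T02:00:01Z", "SubjectUserName": "DC01$",
     "Properties": "%%7688 " + GC},
    {"EventID": 4662, "Time": "2024-12-03T02:14:37Z", "SubjectUserName": "svc_backup",
     "Properties": "%%7688 " + GC + " " + GCA.upper()},
    {"EventID": 4662, "Time": "2024-12-03T02:15:02Z", "SubjectUserName": "jdoe",
     "Properties": "%%7684 {bf967aba-0de6-11d0-a285-00aa003049e2}"},
    {"EventID": 4662, "Time": "2024-12-03T02:30:00Z", "SubjectUserName": "MSOL_0123456789ab",
     "Properties": "%%7688 " + GC + " " + GCA},
    {"EventID": 4624, "Time": "2024-12-03T02:31:00Z", "SubjectUserName": "svc_backup"},
]

def replication_rights_in(event):
    """Return the replication rights named in the event's Properties field."""
    props = event.get("Properties", "").lower()
    return sorted(name for guid, name in REPLICATION_RIGHTS.items() if guid in props)

def find_irregular_replication(events, expected=EXPECTED_REPLICATORS):
    """Report replication requests made by accounts outside the allowlist."""
    allowed = {account.lower() for account in expected}
    findings = []
    for ev in events:
        if ev.get("EventID") != 4662:
            continue  # not a directory object access record
        rights = replication_rights_in(ev)
        account = ev.get("SubjectUserName", "")
        if rights and account.lower() not in allowed:
            findings.append({"time": ev.get("Time"), "account": account, "rights": rights})
    return findings

if __name__ == "__main__":
    for finding in find_irregular_replication(SAMPLE_EVENTS):
        print(finding)
```

Removing an account from the allowlist after its replication permission has been revoked turns any further replication request from it into a finding.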