Active Directory - DS0026 (d6188aac-17db-4861-845f-57c369f9b4c8)

A database and set of services that allows administrators to manage permissions, access to network resources, and stored data objects (user, group, application, or devices). (Citation: Microsoft AD DS Getting Started)

| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
| --- | --- | --- | --- | --- |
| Active Directory Object Access (5c6de881-bc70-4070-855a-7a9631a407f7) | mitre-data-component | Active Directory - DS0026 (d6188aac-17db-4861-845f-57c369f9b4c8) | mitre-data-source | 1 |
| Active Directory Object Creation (18b236d8-7224-488f-9d2f-50076a0f653a) | mitre-data-component | Active Directory - DS0026 (d6188aac-17db-4861-845f-57c369f9b4c8) | mitre-data-source | 1 |
| Active Directory Credential Request (02d090b6-8157-48da-98a2-517f7edd49fc) | mitre-data-component | Active Directory - DS0026 (d6188aac-17db-4861-845f-57c369f9b4c8) | mitre-data-source | 1 |
| Active Directory Object Deletion (9085a576-636a-455b-91d2-c2921bbe6d1d) | mitre-data-component | Active Directory - DS0026 (d6188aac-17db-4861-845f-57c369f9b4c8) | mitre-data-source | 1 |
| Active Directory Object Modification (5b8b466b-2c81-4fe7-946f-d677a74ae3db) | mitre-data-component | Active Directory - DS0026 (d6188aac-17db-4861-845f-57c369f9b4c8) | mitre-data-source | 1 |
| Group Policy Discovery - T1615 (1b20efbf-8063-4fc3-a07d-b575318a301b) | Attack Pattern | Active Directory Object Access (5c6de881-bc70-4070-855a-7a9631a407f7) | mitre-data-component | 2 |
| System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104) | Attack Pattern | Active Directory Object Access (5c6de881-bc70-4070-855a-7a9631a407f7) | mitre-data-component | 2 |
| Active Directory Object Access (5c6de881-bc70-4070-855a-7a9631a407f7) | mitre-data-component | DCSync - T1003.006 (f303a39a-6255-4b89-aecc-18c4d8ca7163) | Attack Pattern | 2 |
| Active Directory Object Access (5c6de881-bc70-4070-855a-7a9631a407f7) | mitre-data-component | OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22) | Attack Pattern | 2 |
| Active Directory Object Creation (18b236d8-7224-488f-9d2f-50076a0f653a) | mitre-data-component | Device Registration - T1098.005 (7decb26c-715c-40cf-b7e0-026f7d7cc215) | Attack Pattern | 2 |
| Active Directory Object Creation (18b236d8-7224-488f-9d2f-50076a0f653a) | mitre-data-component | Trust Modification - T1484.002 (24769ab5-14bd-4f4e-a752-cfb185da53ee) | Attack Pattern | 2 |
| Active Directory Object Creation (18b236d8-7224-488f-9d2f-50076a0f653a) | mitre-data-component | Domain or Tenant Policy Modification - T1484 (ebb42bbe-62d7-47d7-a55f-3b08b61d792d) | Attack Pattern | 2 |
| Active Directory Object Creation (18b236d8-7224-488f-9d2f-50076a0f653a) | mitre-data-component | Group Policy Modification - T1484.001 (5d2be8b9-d24c-4e98-83bf-2f5f79477163) | Attack Pattern | 2 |
| Active Directory Object Creation (18b236d8-7224-488f-9d2f-50076a0f653a) | mitre-data-component | Rogue Domain Controller - T1207 (564998d8-ab3e-4123-93fb-eccaa6b9714a) | Attack Pattern | 2 |
| Active Directory Credential Request (02d090b6-8157-48da-98a2-517f7edd49fc) | mitre-data-component | Kerberoasting - T1558.003 (f2877f7f-9a4c-4251-879f-1224e3006bee) | Attack Pattern | 2 |
| Active Directory Credential Request (02d090b6-8157-48da-98a2-517f7edd49fc) | mitre-data-component | Steal or Forge Kerberos Tickets - T1558 (3fc01293-ef5e-41c6-86ce-61f10706b64a) | Attack Pattern | 2 |
| Use Alternate Authentication Material - T1550 (51a14c76-dd3b-440b-9c20-2bf91d25a814) | Attack Pattern | Active Directory Credential Request (02d090b6-8157-48da-98a2-517f7edd49fc) | mitre-data-component | 2 |
| Active Directory Credential Request (02d090b6-8157-48da-98a2-517f7edd49fc) | mitre-data-component | AS-REP Roasting - T1558.004 (3986e7fd-a8e9-4ecb-bfc6-55920855912b) | Attack Pattern | 2 |
| Pass the Ticket - T1550.003 (7b211ac6-c815-4189-93a9-ab415deca926) | Attack Pattern | Active Directory Credential Request (02d090b6-8157-48da-98a2-517f7edd49fc) | mitre-data-component | 2 |
| Steal or Forge Authentication Certificates - T1649 (7de1f7ac-5d0c-4c9c-8873-627202205331) | Attack Pattern | Active Directory Credential Request (02d090b6-8157-48da-98a2-517f7edd49fc) | mitre-data-component | 2 |
| Active Directory Credential Request (02d090b6-8157-48da-98a2-517f7edd49fc) | mitre-data-component | Pass the Hash - T1550.002 (e624264c-033a-424d-9fd7-fc9c3bbdb03e) | Attack Pattern | 2 |
| Active Directory Credential Request (02d090b6-8157-48da-98a2-517f7edd49fc) | mitre-data-component | Golden Ticket - T1558.001 (768dce68-8d0d-477a-b01d-0eea98b963a1) | Attack Pattern | 2 |
| Group Policy Modification - T1484.001 (5d2be8b9-d24c-4e98-83bf-2f5f79477163) | Attack Pattern | Active Directory Object Deletion (9085a576-636a-455b-91d2-c2921bbe6d1d) | mitre-data-component | 2 |
| Domain or Tenant Policy Modification - T1484 (ebb42bbe-62d7-47d7-a55f-3b08b61d792d) | Attack Pattern | Active Directory Object Deletion (9085a576-636a-455b-91d2-c2921bbe6d1d) | mitre-data-component | 2 |
| Active Directory Object Modification (5b8b466b-2c81-4fe7-946f-d677a74ae3db) | mitre-data-component | Account Access Removal - T1531 (b24e2a20-3b3d-4bf0-823b-1ed765398fb0) | Attack Pattern | 2 |
| Active Directory Object Modification (5b8b466b-2c81-4fe7-946f-d677a74ae3db) | mitre-data-component | Steal or Forge Authentication Certificates - T1649 (7de1f7ac-5d0c-4c9c-8873-627202205331) | Attack Pattern | 2 |
| Active Directory Object Modification (5b8b466b-2c81-4fe7-946f-d677a74ae3db) | mitre-data-component | SID-History Injection - T1134.005 (b7dc639b-24cd-482d-a7f1-8897eda21023) | Attack Pattern | 2 |
| Windows File and Directory Permissions Modification - T1222.001 (34e793de-0274-4982-9c1a-246ed1c19dee) | Attack Pattern | Active Directory Object Modification (5b8b466b-2c81-4fe7-946f-d677a74ae3db) | mitre-data-component | 2 |
| Account Manipulation - T1098 (a10641f4-87b4-45a3-a906-92a149cb2c27) | Attack Pattern | Active Directory Object Modification (5b8b466b-2c81-4fe7-946f-d677a74ae3db) | mitre-data-component | 2 |
| Active Directory Object Modification (5b8b466b-2c81-4fe7-946f-d677a74ae3db) | mitre-data-component | Trust Modification - T1484.002 (24769ab5-14bd-4f4e-a752-cfb185da53ee) | Attack Pattern | 2 |
| Active Directory Object Modification (5b8b466b-2c81-4fe7-946f-d677a74ae3db) | mitre-data-component | File and Directory Permissions Modification - T1222 (65917ae0-b854-4139-83fe-bf2441cf0196) | Attack Pattern | 2 |
| Active Directory Object Modification (5b8b466b-2c81-4fe7-946f-d677a74ae3db) | mitre-data-component | Steal Application Access Token - T1528 (890c9858-598c-401d-a4d5-c67ebcdd703a) | Attack Pattern | 2 |
| Active Directory Object Modification (5b8b466b-2c81-4fe7-946f-d677a74ae3db) | mitre-data-component | Network Logon Script - T1037.003 (c63a348e-ffc2-486a-b9d9-d7f11ec54d99) | Attack Pattern | 2 |
| Active Directory Object Modification (5b8b466b-2c81-4fe7-946f-d677a74ae3db) | mitre-data-component | Conditional Access Policies - T1556.009 (ceaeb6d8-95ee-4da2-9d42-dc6aa6ca43ae) | Attack Pattern | 2 |
| Active Directory Object Modification (5b8b466b-2c81-4fe7-946f-d677a74ae3db) | mitre-data-component | Domain or Tenant Policy Modification - T1484 (ebb42bbe-62d7-47d7-a55f-3b08b61d792d) | Attack Pattern | 2 |
| Active Directory Object Modification (5b8b466b-2c81-4fe7-946f-d677a74ae3db) | mitre-data-component | Reversible Encryption - T1556.005 (d50955c2-272d-4ac8-95da-10c29dda1c48) | Attack Pattern | 2 |
| Active Directory Object Modification (5b8b466b-2c81-4fe7-946f-d677a74ae3db) | mitre-data-component | Multi-Factor Authentication - T1556.006 (b4409cd8-0da9-46e1-a401-a241afd4d1cc) | Attack Pattern | 2 |
| Modify Authentication Process - T1556 (f4c1826f-a322-41cd-9557-562100848c84) | Attack Pattern | Active Directory Object Modification (5b8b466b-2c81-4fe7-946f-d677a74ae3db) | mitre-data-component | 2 |
| Active Directory Object Modification (5b8b466b-2c81-4fe7-946f-d677a74ae3db) | mitre-data-component | Group Policy Modification - T1484.001 (5d2be8b9-d24c-4e98-83bf-2f5f79477163) | Attack Pattern | 2 |
| Active Directory Object Modification (5b8b466b-2c81-4fe7-946f-d677a74ae3db) | mitre-data-component | Rogue Domain Controller - T1207 (564998d8-ab3e-4123-93fb-eccaa6b9714a) | Attack Pattern | 2 |
| Active Directory Object Modification (5b8b466b-2c81-4fe7-946f-d677a74ae3db) | mitre-data-component | Access Token Manipulation - T1134 (dcaa092b-7de9-4a21-977f-7fcb77e89c48) | Attack Pattern | 2 |
| Active Directory Object Modification (5b8b466b-2c81-4fe7-946f-d677a74ae3db) | mitre-data-component | Boot or Logon Initialization Scripts - T1037 (03259939-0b57-482f-8eb5-87c0e0d54334) | Attack Pattern | 2 |
| DCSync - T1003.006 (f303a39a-6255-4b89-aecc-18c4d8ca7163) | Attack Pattern | OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22) | Attack Pattern | 3 |
| Account Manipulation - T1098 (a10641f4-87b4-45a3-a906-92a149cb2c27) | Attack Pattern | Device Registration - T1098.005 (7decb26c-715c-40cf-b7e0-026f7d7cc215) | Attack Pattern | 3 |
| Domain or Tenant Policy Modification - T1484 (ebb42bbe-62d7-47d7-a55f-3b08b61d792d) | Attack Pattern | Trust Modification - T1484.002 (24769ab5-14bd-4f4e-a752-cfb185da53ee) | Attack Pattern | 3 |
| Group Policy Modification - T1484.001 (5d2be8b9-d24c-4e98-83bf-2f5f79477163) | Attack Pattern | Domain or Tenant Policy Modification - T1484 (ebb42bbe-62d7-47d7-a55f-3b08b61d792d) | Attack Pattern | 3 |
| Kerberoasting - T1558.003 (f2877f7f-9a4c-4251-879f-1224e3006bee) | Attack Pattern | Steal or Forge Kerberos Tickets - T1558 (3fc01293-ef5e-41c6-86ce-61f10706b64a) | Attack Pattern | 3 |
| AS-REP Roasting - T1558.004 (3986e7fd-a8e9-4ecb-bfc6-55920855912b) | Attack Pattern | Steal or Forge Kerberos Tickets - T1558 (3fc01293-ef5e-41c6-86ce-61f10706b64a) | Attack Pattern | 3 |
| Use Alternate Authentication Material - T1550 (51a14c76-dd3b-440b-9c20-2bf91d25a814) | Attack Pattern | Pass the Ticket - T1550.003 (7b211ac6-c815-4189-93a9-ab415deca926) | Attack Pattern | 3 |
| Use Alternate Authentication Material - T1550 (51a14c76-dd3b-440b-9c20-2bf91d25a814) | Attack Pattern | Pass the Hash - T1550.002 (e624264c-033a-424d-9fd7-fc9c3bbdb03e) | Attack Pattern | 3 |
| Steal or Forge Kerberos Tickets - T1558 (3fc01293-ef5e-41c6-86ce-61f10706b64a) | Attack Pattern | Golden Ticket - T1558.001 (768dce68-8d0d-477a-b01d-0eea98b963a1) | Attack Pattern | 3 |
| SID-History Injection - T1134.005 (b7dc639b-24cd-482d-a7f1-8897eda21023) | Attack Pattern | Access Token Manipulation - T1134 (dcaa092b-7de9-4a21-977f-7fcb77e89c48) | Attack Pattern | 3 |
| Windows File and Directory Permissions Modification - T1222.001 (34e793de-0274-4982-9c1a-246ed1c19dee) | Attack Pattern | File and Directory Permissions Modification - T1222 (65917ae0-b854-4139-83fe-bf2441cf0196) | Attack Pattern | 3 |
| Network Logon Script - T1037.003 (c63a348e-ffc2-486a-b9d9-d7f11ec54d99) | Attack Pattern | Boot or Logon Initialization Scripts - T1037 (03259939-0b57-482f-8eb5-87c0e0d54334) | Attack Pattern | 3 |
| Modify Authentication Process - T1556 (f4c1826f-a322-41cd-9557-562100848c84) | Attack Pattern | Conditional Access Policies - T1556.009 (ceaeb6d8-95ee-4da2-9d42-dc6aa6ca43ae) | Attack Pattern | 3 |
| Modify Authentication Process - T1556 (f4c1826f-a322-41cd-9557-562100848c84) | Attack Pattern | Reversible Encryption - T1556.005 (d50955c2-272d-4ac8-95da-10c29dda1c48) | Attack Pattern | 3 |
| Modify Authentication Process - T1556 (f4c1826f-a322-41cd-9557-562100848c84) | Attack Pattern | Multi-Factor Authentication - T1556.006 (b4409cd8-0da9-46e1-a401-a241afd4d1cc) | Attack Pattern | 3 |