| Detection of Unauthorized DCSync Operations via Replication API Abuse - DET0594 (3796aa06-65fe-4b9d-9d31-e6491b722632) |
Detection Strategies |
DCSync - T1003.006 (f303a39a-6255-4b89-aecc-18c4d8ca7163) |
Attack Pattern |
1 |
| Detection of Unauthorized DCSync Operations via Replication API Abuse - DET0594 (3796aa06-65fe-4b9d-9d31-e6491b722632) |
Detection Strategies |
Analytic 1632 - AN1632 (9a68f1a7-65f0-4eef-a711-888bccbeb0d5) |
Analytics |
1 |
| OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22) |
Attack Pattern |
DCSync - T1003.006 (f303a39a-6255-4b89-aecc-18c4d8ca7163) |
Attack Pattern |
2 |