Active Directory Replication from Non Machine Account (17d619c1-e020-4347-957e-1d1207455c93)

Detects potential abuse of Active Directory Replication Service (ADRS) from a non machine account to request credentials.

| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
|---|---|---|---|---|
| Active Directory Replication from Non Machine Account (17d619c1-e020-4347-957e-1d1207455c93) | Sigma-Rules | DCSync - T1003.006 (f303a39a-6255-4b89-aecc-18c4d8ca7163) | Attack Pattern | 1 |
| OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22) | Attack Pattern | DCSync - T1003.006 (f303a39a-6255-4b89-aecc-18c4d8ca7163) | Attack Pattern | 2 |