Powerview Add-DomainObjectAcl DCSync AD Extend Right (2c99737c-585d-4431-b61a-c911d86ff32f)
Backdooring a domain object to grant the rights associated with DCSync to a regular user or machine account, using the Powerview\Add-DomainObjectAcl cmdlet with the DCSync extended right, allows the password hashes of any user or computer to be re-obtained.
Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
---|---|---|---|---|
Powerview Add-DomainObjectAcl DCSync AD Extend Right (2c99737c-585d-4431-b61a-c911d86ff32f) | Sigma-Rules | Account Manipulation - T1098 (a10641f4-87b4-45a3-a906-92a149cb2c27) | Attack Pattern | 1 |