Skip to content

Hide Navigation Hide TOC

DPAPI Domain Backup Key Extraction (4ac1f50b-3bd0-4968-902d-868b4647937e)

Detects tools extracting LSA secret DPAPI domain backup key from Domain Controllers

Cluster A Galaxy A Cluster B Galaxy B Level
DPAPI Domain Backup Key Extraction (4ac1f50b-3bd0-4968-902d-868b4647937e) Sigma-Rules LSA Secrets - T1003.004 (1ecfdab8-7d59-4c98-95d4-dc41970f57fc) Attack Pattern 1
LSA Secrets - T1003.004 (1ecfdab8-7d59-4c98-95d4-dc41970f57fc) Attack Pattern OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22) Attack Pattern 2