HackTool - ADCSPwn Execution (cd8c163e-a19b-402e-bdd5-419ff5859f12)

Detects command-line parameters used by ADCSPwn, a tool to escalate privileges in an Active Directory network by coercing authentication from machine accounts and relaying it to the certificate service.

| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
| --- | --- | --- | --- | --- |
| HackTool - ADCSPwn Execution (cd8c163e-a19b-402e-bdd5-419ff5859f12) | Sigma-Rules | LLMNR/NBT-NS Poisoning and SMB Relay - T1557.001 (650c784b-7504-4df7-ab2c-4ea882384d1e) | Attack Pattern | 1 |
| Adversary-in-the-Middle - T1557 (035bb001-ab69-4a0b-9f6c-2de8b09e1b9d) | Attack Pattern | LLMNR/NBT-NS Poisoning and SMB Relay - T1557.001 (650c784b-7504-4df7-ab2c-4ea882384d1e) | Attack Pattern | 2 |