OTRF / detection-hackathon-apt29

Place for resources used during the Mordor Detection hackathon event featuring APT29 ATT&CK evals datasets
GNU General Public License v3.0

16.D) Remote File Copy, Credential Dumping #40

Open Cyb3rWard0g opened 4 years ago

Cyb3rWard0g commented 4 years ago

Description

Through this connection, the attacker copies the Mimikatz binary used in Step 14 to the domain controller (T1105) then dumps the hash of the KRBTGT account (T1103).