Thursday, July 9, 2020

Stories from the SOC – Credential Dumping

Stories from the SOC is a blog series that describes recent real-world security incident investigations conducted and reported by the AT&T SOC analyst team for AT&T Managed Threat Detection and Response customers.

Executive Summary

During the investigation of a Suspicious Security Critical Event alarm, we discovered credentials had been dumped from NTDS.dit, the database that stores Active Directory data, including the password hashes of every user in the domain. By extracting these hashes, an attacker can use tools to recover users' passwords, which lets them act as any user on the domain, including the administrator. If an attacker gains access to an administrator account, the opportunities are endless.
The team immediately dug deeper into the event and determined a username tied to the actions. In under an hour we had triaged this set…
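The alarm described above fires on telemetry like this. As an added example (not the AT&T SOC's own detection logic), the following flags process-creation events that match well-documented NTDS.dit dumping patterns; the `key=value` log format and the sample events are constructed for the example, not telemetry from the incident.

```python
"""Detection example: flag process-creation events consistent with NTDS.dit
credential dumping. Log format and sample lines are constructed; in production
the fields would come from Windows Security 4688 or Sysmon event 1."""
import re

# Patterns matched case-insensitively against the command line.
# Key: short reason reported to the analyst.
NTDS_DUMP_PATTERNS = {
    "ntdsutil_ifm": re.compile(r"ntdsutil.*\bifm\b.*create", re.I),
    "vss_shadow_create": re.compile(r"vssadmin.*create\s+shadow", re.I),
    "ntds_file_copy": re.compile(r"\b(copy|xcopy|robocopy|esentutl)\b.*ntds\.dit", re.I),
    "reg_save_system": re.compile(r"reg(\.exe)?\s+save\s+hklm\\system", re.I),
}

def parse_event(line):
    """Parse '|'-separated 'key=value' pairs into a dict (constructed format)."""
    fields = {}
    for part in line.split("|"):
        if "=" in part:
            key, value = part.split("=", 1)
            fields[key.strip().lower()] = value.strip()
    return fields

def flag_ntds_dump_indicators(log_lines):
    """Return (user, host, reason) for each event whose command line matches a
    dumping pattern; benign events produce no entry."""
    hits = []
    for line in log_lines:
        ev = parse_event(line)
        cmd = ev.get("cmd", "")
        for reason, pattern in NTDS_DUMP_PATTERNS.items():
            if pattern.search(cmd):
                hits.append((ev.get("user", "?"), ev.get("host", "?"), reason))
                break  # one reason per event is enough to raise the alarm
    return hits

# Constructed sample events (hypothetical hosts and accounts).
SAMPLE_LOG = [
    "ts=2020-07-09T20:55:01Z|host=DC01|user=CORP\\svc-backup|cmd=ntdsutil.exe ifm create full C:\\temp\\out",
    "ts=2020-07-09T20:55:12Z|host=DC01|user=CORP\\svc-backup|cmd=vssadmin.exe create shadow /for=C:",
    "ts=2020-07-09T20:56:40Z|host=WS-42|user=CORP\\jdoe|cmd=notepad.exe C:\\Users\\jdoe\\notes.txt",
    "ts=2020-07-09T20:57:03Z|host=DC01|user=CORP\\svc-backup|cmd=reg.exe save HKLM\\SYSTEM C:\\temp\\sys.hiv",
]

if __name__ == "__main__":
    for user, host, reason in flag_ntds_dump_indicators(SAMPLE_LOG):
        print(f"ALERT {host} {user}: {reason}")
```

The flagged username is the pivot the analysts used here: once an account is tied to the dump, its other activity on the domain controller can be triaged.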

Posted by: Edwardo Rodriguez

The post Stories from the SOC – Credential Dumping appeared first on Cybersecurity Insiders.


July 09, 2020 at 09:10PM
