Artifacts Generated: Process Create, Process Inject, Process Kill
Summary
Use mimikatz’slsadump::dcsync module to retrieve a user’s kerberos keys from a Domain Controller.
Arguments
Domain
Domain to query information from.User (Optional)
Username to sync kerberos keys for. Default is all users.DC (Optional)
Domain controller to sync credential material from.Usage
MITRE ATT&CK Mapping
- T1003.006