Show in Graph
Common Information
Type Value
Value 
Domain Trust Discovery - T1482
Category Attack-Pattern
Type Mitre-Attack-Pattern
Misp Type Cluster
Description Adversaries may attempt to gather information on domain trust relationships that may be used to identify lateral movement opportunities in Windows multi-domain/forest environments. Domain trusts provide a mechanism for a domain to allow access to resources based on the authentication procedures of another domain.(Citation: Microsoft Trusts) Domain trusts allow the users of the trusted domain to access resources in the trusting domain. The information discovered may help the adversary conduct [SID-History Injection](https://attack.mitre.org/techniques/T1134/005), [Pass the Ticket](https://attack.mitre.org/techniques/T1550/003), and [Kerberoasting](https://attack.mitre.org/techniques/T1558/003).(Citation: AdSecurity Forging Trust Tickets)(Citation: Harmj0y Domain Trusts) Domain trusts can be enumerated using the `DSEnumerateDomainTrusts()` Win32 API call, .NET methods, and LDAP.(Citation: Harmj0y Domain Trusts) The Windows utility [Nltest](https://attack.mitre.org/software/S0359) is known to be used by adversaries to enumerate domain trusts.(Citation: Microsoft Operation Wilysupply)
Details Published Attributes CTI Title
Details Website 2024-11-01 39 Dark Web Profile: Tropic Trooper (APT23) - SOCRadar® Cyber Intelligence Inc.
Details Website 2024-10-24 79 Arctic Wolf Labs Observes Increased Fog and Akira Ransomware Activity Linked to SonicWall SSL VPN - Arctic Wolf
Details Website 2024-10-23 44 Highlighting TA866/Asylum Ambuscade Activity Since 2021
Details Website 2024-10-17 5 SafeBreach Coverage for US CERT AA24-290A (Iranian Cyber Actors)
Details Website 2024-10-16 108 Iranian Cyber Actors’ Brute Force and Credential Access Activity Compromises Critical Infrastructure Organizations | CISA
Details Website 2024-10-10 182 Nitrogen Campaign Drops Sliver and Ends With BlackCat Ransomware | CTF导航
Details Website 2024-09-30 174 Nitrogen Campaign Drops Sliver and Ends With BlackCat Ransomware
Details Website 2024-09-19 0 Is it an attacker or an IT admin? Test your skills in two minutes… - ThreatDown by Malwarebytes
Details Website 2024-09-09 33 Threat Intelligence Report 3rd September – 9th September 2024
Details Website 2024-09-02 43 Iranian State-Sponsored Hackers Have Become Access Brokers For Ransomware Gangsca - Cyble
Details Website 2024-09-02 28 Threat Intelligence Report 27th August – 2nd September 2024
Details Website 2024-08-28 62 Iran-based Cyber Actors Enabling Ransomware Attacks on US Organizations | CISA
Details Website 2024-08-28 23 AA24-241A : Joint Cybersecurity Advisory on Iran-based Cyber Actors Targeting US Organizations
Details Website 2024-07-24 25 Fake update puts visitors at risk
Details Website 2024-06-25 47 How to detect the modular RAT CSHARP-STREAMER
Details Website 2024-04-01 124 From OneNote to RansomNote: An Ice Cold Intrusion
Details Website 2024-02-27 72 Threat Actor Groups, Including Black Basta, are Exploiting Recent ScreenConnect Vulnerabilities
Details Website 2024-02-27 73 Threat Actor Groups, Including Black Basta, are Exploiting Recent ScreenConnect Vulnerabilities
Details Website 2023-12-06 198 Russia/Ukraine Update - December 2023
Details Website 2023-11-13 78 Don’t throw a hissy fit; defend against Medusa
Details Website 2023-11-08 29 Investigating New INC Ransom Group Activity
Details Website 2023-10-30 154 NetSupport Intrusion Results in Domain Compromise - The DFIR Report
Details Website 2023-10-23 273 Red Team Tools
Details Website 2023-10-17 92 Anomali Cyber Watch: RomCom 4.0 Targeted Female Politicians, Israeli RedAlert App Impersonated, and More. – Anomali
Details Website 2023-10-11 99 Qakbot evolves to OneNote Malware Distribution