Common Information
| Type | Value |
|---|---|
| Value |
Domain Account - T1136.002 |
| Category | Attack-Pattern |
| Type | Mitre-Attack-Pattern |
| Misp Type | Cluster |
| Description | Adversaries may create a domain account to maintain access to victim systems. Domain accounts are those managed by Active Directory Domain Services where access and permissions are configured across systems and services that are part of that domain. Domain accounts can cover user, administrator, and service accounts. With a sufficient level of access, the <code>net user /add /domain</code> command can be used to create a domain account.(Citation: Savill 1999) Such accounts may be used to establish secondary credentialed access that do not require persistent remote access tools to be deployed on the system. |
| Details | Published | Attributes | CTI | Title | ||
|---|---|---|---|---|---|---|
| Details | Website | 2017-12-17 | 3 | Post Exploitation for Remote Windows Password - Hacking Articles | ||
| Details | Website | 2017-09-28 | 5 | Install OpenSSH on Windows for PowerShell Core remoting via SSH | ||
| Details | Website | 2017-07-24 | 28 | Office365 ActiveSync Username Enumeration | ||
| Details | Website | 2017-06-30 | 0 | A pentester’s take on (Not)Petya – Sec Team Blog | ||
| Details | Website | 2017-05-22 | 0 | Top 20 CIS Critical Security Controls (CSC) Through the Eyes of a Hacker – CSC 19 | ||
| Details | Website | 2017-05-11 | 5 | PowerShell Direct (few internals) | ||
| Details | Website | 2017-01-12 | 0 | Perspective Risk's pick of the best infosec blogs of 2016 | ||
| Details | Website | 2016-12-06 | 1 | Crypto Ransomware | Bridewell | ||
| Details | Website | 2016-11-03 | 35 | Securing Domain Controllers to Improve Active Directory Security | ||
| Details | Website | 2016-08-01 | 14 | Blindly Discover SQL Server Instances with PowerUpSQL | ||
| Details | Website | 2016-06-05 | 4 | Practical Usage of NTLM Hashes | ||
| Details | Website | 2016-05-18 | 14 | An interesting route to domain admin- iSCSI | Pen Test Partners | ||
| Details | Website | 2016-05-03 | 7 | Using PowerShell to Identify Federated Domains | ||
| Details | Website | 2016-04-06 | 0 | Five SQL Best Practices | Imperva | ||
| Details | Website | 2016-03-16 | 6 | DIY: How to build your own host-based IDS (HIDS) using OSSEC | Pen Test Partners | ||
| Details | Website | 2015-12-31 | 2 | Cracking Kerberos TGS Tickets Using Kerberoast – Exploiting Kerberos to Compromise the Active Directory Domain | ||
| Details | Website | 2015-11-22 | 0 | Dump Clear-Text Passwords for All Admins in the Domain Using Mimikatz DCSync | ||
| Details | Website | 2015-11-16 | 0 | Bypassing TPM-based Bitlocker – Sec Team Blog | ||
| Details | Website | 2015-10-01 | 0 | PowerShell: Filter by User when Querying the Security Event Log with Get-WinEvent and the FilterHashTable Parameter · Mike F. Robbins | ||
| Details | Website | 2015-03-03 | 6 | Threat Spotlight: Angler Lurking in the Domain Shadows | ||
| Details | Website | 2014-11-10 | 9 | Kerberos & KRBTGT: Active Directory’s Domain Kerberos Service Account | ||
| Details | Website | 2014-11-06 | 1 | Real-World Attack Scenario: From Blind, Timing-Based SQL Injection to Windows Domain Administrator | ||
| Details | Website | 2014-10-22 | 6 | Simple Guide to Setup AWS Directory Service | ||
| Details | Website | 2014-04-28 | 26 | Decrypting IIS Passwords to Break Out of the DMZ: Part 2 | ||
| Details | Website | 2014-01-06 | 6 | Faster Domain Escalation using LDAP |