BackupOperatorToolkit - The BackupOperatorToolkit Contains Different Techniques Allowing You To Escalate From Backup Operator To Domain Admin - RedPacket Security
Tags
attack-pattern: Ntds - T1003.003 Powershell - T1059.001 Tool - T1588.002 Powershell - T1086
Show in Graph
Common Information
Type Value
UUID 1f344199-cff2-4739-a052-eae61214794b
Fingerprint 3fe245e1eca33cc9
Analysis status DONE
Considered CTI value 0
Text language
Published June 16, 2023, 10:02 p.m.
Added to db June 16, 2023, 11:29 p.m.
Last updated Nov. 17, 2024, 6:55 p.m.
Headline RedPacket Security
Title BackupOperatorToolkit - The BackupOperatorToolkit Contains Different Techniques Allowing You To Escalate From Backup Operator To Domain Admin - RedPacket Security
Detected Hints/Tags/Attributes 16/1/10
Source URLs
Redirection Url
Details Source https://www.redpacketsecurity.com/backupoperatortoolkit-the-backupoperatortoolkit-contains-different-techniques-allowing-you-to-escalate-from-backup-operator-to-domain-admin/
URL Provider
Details Provider Source level domain
Details redpacketsecurity.com www.redpacketsecurity.com
RSS Feed
Details Id Enabled Feed title Url Added to db
Details 361 RedPacket Security https://www.redpacketsecurity.com/feed/ 2024-08-30 22:08
Attributes
Details Type #Events CTI Value
Details Domain 1 
domain.dk
Details Domain 1 
target.domain.dk
Details File 21 
runas.exe
Details File 1208 
powershell.exe
Details File 1 
backupoperatortoolkit.exe
Details File 86 
service.exe
Details File 81 
werfault.exe
Details File 380 
notepad.exe
Details File 2 
pwn.exe
Details Windows Registry Key 1 
HKLM\SYSTEM\CURRENTCONTROLSET\CONTROL\LSA