Feature, not bug: DNSAdmin to DC compromise in one line
Tags
attack-pattern: Dns - T1071.004 Dns - T1590.002 Dns Server - T1583.002 Dns Server - T1584.002 Domains - T1583.001 Domains - T1584.001 Server - T1583.004 Server - T1584.004 Tool - T1588.002
Show in Graph
Common Information
Type Value
UUID e5a72d2f-8d85-48b6-a200-4c23da5d7057
Fingerprint 84a085d148248a94
Analysis status DONE
Considered CTI value 0
Text language
Published May 10, 2017, 4:49 p.m.
Added to db Feb. 17, 2023, 11:36 p.m.
Last updated Nov. 17, 2024, 10:40 p.m.
Headline Feature, not bug: DNSAdmin to DC compromise in one line
Title Feature, not bug: DNSAdmin to DC compromise in one line
Detected Hints/Tags/Attributes 30/1/11
Source URLs
Redirection Url
Details Source https://medium.com/@esnesenon/feature-not-bug-dnsadmin-to-dc-compromise-in-one-line-a0f779b8dc83
URL Provider
Details Provider Source level domain
Details medium.com medium.com
Attributes
Details Type #Events CTI Value
Details Domain 201 
msdn.microsoft.com
Details Domain 281 
docs.microsoft.com
Details Domain 369 
microsoft.com
Details Email 8 
secure@microsoft.com
Details File 1 
cc448821.aspx
Details File 11 
dns.exe
Details File 3 
c:\windows\system32\dns.exe
Details File 9 
dnscmd.exe
Details Url 1 
https://msdn.microsoft.com/en-us/library/cc448821.aspx
Details Url 1 
https://docs.microsoft.com/en-us/windows-server/administration/windows-commands/dnscmd
Details Windows Registry Key 3 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\DNS\Parameters\ServerLevelPluginDll