Principles of Domain Cached Credentials and Attack Trends in Active Directory Environments

Citations

Cached Domain Credentials

https://moyix.blogspot.com/2008/02/cached-domain-credentials.html

Dumping and Cracking mscash - Cached Domain Credentials | Red Team Notes

https://www.ired.team/offensive-security/credential-access-and-credential-dumping/dumping-and-cracking-mscash-cached-domain-credentials

OS Credential Dumping: Cached Domain Credentials, Sub-technique T1003.005 - Enterprise | MITRE ATT&CK®

https://attack.mitre.org/techniques/T1003/005/

MSCash2 Algorithm [Openwall Community Wiki]

https://openwall.info/wiki/john/MSCash2

cache | The Hacker Tools

https://tools.thehacker.recipes/mimikatz/modules/lsadump/cache

MuddyWater, Earth Vetala, MERCURY, Static Kitten, Seedworm, TEMP.Zagros, Mango Sandstorm, TA450, Group G0069 | MITRE ATT&CK®

https://attack.mitre.org/groups/G0069/

Mandiant Red Team Emulates FIN11 Tactics To Control Operational Technology Servers | Mandiant | Google Cloud Blog

https://cloud.google.com/blog/topics/threat-intelligence/mandiant-red-team-emulates-fin11-tactics

HiveNightmare; from Domain User to domain wide ransomware. | by Rich | Medium

https://happycamper84.medium.com/hivenightmare-from-domain-user-to-domain-wide-ransomware-a-5c177e1b0bcc

#StopRansomware: Phobos Ransomware | CISA

https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-060a

Windows Server 2022 must limit the caching of logon credentials to ...

https://www.stigviewer.com/stig/microsoft_windows_server_2022/2024-06-14/finding/V-254432

Network access Do not allow storage of passwords and credentials ...

https://learn.microsoft.com/en-us/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/network-access-do-not-allow-storage-of-passwords-and-credentials-for-network-authentication

Hunting with Elastic Security: Detecting credential dumping with ES|QL | Elastic Blog

https://www.elastic.co/blog/elastic-security-detecting-credential-dumping

Detecting Attempts to Steal Passwords from the Registry | by David French | threatpunter | Medium

https://medium.com/threatpunter/detecting-attempts-to-steal-passwords-from-the-registry-7512674487f8
