| T1003.006 - DCSYNC | |||
|---|---|---|---|
| Tools | Mimikatz lsadump::dcsync | Empire Invoke-DCSync.ps1 | Impacket secretdump.py |
| Extended Rights | 0x100 - Control Access {19195a5b-6da0–11d0-afd3–00c04fd930c9} — Domain-DNS Class(Object) {1131f6ad-9c07–11d1-f79f-00c04fc2dcd2}- DS-Replication-Get-Changes-All(Extended Right) | ||
| RPC Protocol | Directory Replication Service | ||
| RPC Interface | DRSUAPI (e3514235-4b06-11d1-ab04-00c04fc2dcd2) C:\windows\system32\ntdsai.dll C:\windows\system32\ntdsapi.dll | ||
| RPC Method | GetNCChanges REQ/REPLY | ||
| Behavior | Replication of a NC Replica | ||