Rogue Domain Controller (T1207)

Technique & Subtechniques

  • Rogue Domain Controller

Associated Tactics

  • Defense Evasion

Defense Evasion (TA0005)

The adversary is trying to avoid being detected. Defense Evasion consists of techniques that adversaries use to avoid detection throughout their compromise. Techniques used for defense evasion include uninstalling/disabling security software or obfuscating/encrypting data and scripts. Adversaries also leverage and abuse trusted processes to hide and masquerade their malware. Other tactics’ techniques are cross-listed here when those techniques include the added benefit of subverting defenses.

Procedure Examples

Description Source(s)
Delpy, B. & LE TOUX, V. (n.d.). DCShadow. Retrieved March 20, 2018. DCShadow Blog
Metcalf, S. (2015, November 13). Unofficial Guide to Mimikatz & Command Reference. Retrieved December 23, 2015. Adsecurity Mimikatz Guide
Spencer S. (2018, February 22). DCSYNCMonitor. Retrieved March 30, 2018. GitHub DCSYNCMonitor
Microsoft. (n.d.). Polling for Changes Using the DirSync Control. Retrieved March 30, 2018. Microsoft DirSync
Lucand, G. (2018, February 18). Detect DCShadow, impossible?. Retrieved March 30, 2018. ADDSecurity DCShadow Feb 2018