Domain Trust Discovery (T1482)

View on ATT&CK

In Playbook

Technique & Subtechniques

  • Domain Trust Discovery

Associated Tactics

  • Discovery

Discovery (TA0007)

The adversary is trying to figure out your environment. Discovery consists of techniques an adversary may use to gain knowledge about the system and internal network. These techniques help adversaries observe the environment and orient themselves before deciding how to act. They also allow adversaries to explore what they can control and what’s around their entry point in order to discover how it could benefit their current objective. Native operating system tools are often used toward this post-compromise information-gathering objective.

View on ATT&CK

Procedure Examples

Description Source(s)
Florio, E.. (2017, May 4). Windows Defender ATP thwarts Operation WilySupply software supply chain cyberattack. Retrieved February 14, 2019. Microsoft Operation Wilysupply
Metcalf, S. (2015, July 15). It’s All About Trust – Forging Kerberos Trust Tickets to Spoof Access across Active Directory Trusts. Retrieved February 14, 2019. AdSecurity Forging Trust Tickets
Microsoft. (2009, October 7). Trust Technologies. Retrieved February 14, 2019. Microsoft Trusts
Microsoft. (n.d.). Domain.GetAllTrustRelationships Method. Retrieved February 14, 2019. Microsoft GetAllTrustRelationships
Schroeder, W. (2017, October 30). A Guide to Attacking Domain Trusts. Retrieved February 14, 2019. Harmj0y Domain Trusts