The DCShadow is an attack which tries to modify existing data in the Active Directory by using legitimate API’s which are used by domain controllers. This technique can be used in a workstation as a post-domain compromise tactic for establishing domain persistence bypassing most SIEM solutions. Originally it has been introduced by Benjamin Delpy and […]

Link: https://pentestlab.blog/2018/04/16/dcshadow/