DCSync attack this technique is an attack that allows to simulate the behavior of the Domain Controller (DC) in order to retrieve password data via domain replication. Utilizing the Microsoft Directory Replication Service Remote Protocol (MS-DRSR) to simulate the behavior of a DC the attack take's advantage of valid and necessary functions of Active Directory, which cannot be turned off or disabled.

Last updated