
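          ATT&CK-CN V1.01 Last Update: 2019-11

          Translators: 林妙倩 (cyberspace security intern, Institute for Network Sciences and Cyberspace, Tsinghua University) and 戴亦侖 (賽寧網安). This is an original translation; obtain the translators' consent before reposting.

          Data source: ATT&CK Matrices

          Original: https://attack.mitre.org/techniques/T1482

          Glossary: /attack/glossary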

          Domain Trust Discovery

          Adversaries may attempt to gather information on domain trust relationships that may be used to identify Lateral Movement (TA0008) opportunities in Windows multi-domain/forest environments. Domain trusts provide a mechanism for a domain to allow access to resources based on the authentication procedures of another domain. [1] Domain trusts allow the users of the trusted domain to access resources in the trusting domain. The information discovered may help the adversary conduct SID-History Injection (T1178), Pass the Ticket (T1097), and Kerberoasting (T1208). Domain trusts can be enumerated using the DSEnumerateDomainTrusts() Win32 API call, .NET methods, and LDAP. The Windows utility Nltest (S0359) is known to be used by adversaries to enumerate domain trusts.

          Tags

          ID: T1482

          Tactic: Discovery

          Platform: Windows

          Permissions Required: User

          Data Sources: PowerShell logs, API monitoring, process command-line parameters, process monitoring

          Procedure Examples

          Name | Description
          --- | ---
          dsquery (S0105) | dsquery (S0105) can be used to gather information on domain trusts with dsquery * -filter "(objectClass=trustedDomain)" -attr *.
          Empire (S0363) | Empire (S0363) has modules for enumerating domain trusts.
          Nltest (S0359) | Nltest (S0359) may be used to enumerate trusted domains by using commands such as nltest /domain_trusts.
          PoshC2 (S0378) | PoshC2 (S0378) has modules for enumerating domain trusts.
          PowerSploit (S0194) | PowerSploit (S0194) has modules such as Get-NetDomainTrust and Get-NetForestTrust to enumerate domain and forest trusts.
          TrickBot (S0266) | TrickBot (S0266) can gather information about domain trusts by utilizing Nltest (S0359).

          Mitigations

          Mitigation | Description
          --- | ---
          Audit (M1047) | Map the trusts within existing domains/forests and keep trust relationships to a minimum.
          Network Segmentation (M1030) | Employ network segmentation for sensitive domains.

          Detection

          System and network discovery techniques normally occur throughout an operation as an adversary learns the environment. Data and events should not be viewed in isolation but as part of a chain of behavior that could lead to other activities based on the information obtained.

          Monitor processes and command-line arguments for actions that could be taken to gather system and network information, such as nltest /domain_trusts. Remote access tools with built-in features may interact directly with the Windows API to gather information. Look for the DSEnumerateDomainTrusts() Win32 API call to spot activity associated with Domain Trust Discovery (T1482). Information may also be acquired through Windows system management tools such as PowerShell (T1086). The .NET method GetAllTrustRelationships() can be an indicator of Domain Trust Discovery (T1482).
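
          The command-line and script indicators named in this section, applied to process-creation and PowerShell script-block records and grouped per host so they read as a chain. This is an added example, not part of the ATT&CK page; the event field names (time, host, image, text), the host names and the sample events are constructed for illustration.

```python
import re
from collections import defaultdict

# Rules built from indicators this page names: (label, image regex or None, text regex).
# A rule with an image regex fires only when the process image matches as well.
RULES = [
    ("nltest /domain_trusts", r"(^|[\\/])nltest(\.exe)?$", r"/domain_trusts\b"),
    ("dsquery trustedDomain filter", r"(^|[\\/])dsquery(\.exe)?$", r"objectclass\s*=\s*trusteddomain"),
    ("PowerSploit trust cmdlet", None, r"\bget-net(domain|forest)trust\b"),
    (".NET GetAllTrustRelationships()", None, r"\bgetalltrustrelationships\s*\("),
]

# Constructed sample events (assumed shape: time in seconds, host, process image,
# and "text" holding the command line or the PowerShell script-block text).
SYS32 = "C:\\Windows\\System32\\"
SAMPLE_EVENTS = [
    {"time": 100, "host": "WS01", "image": SYS32 + "nltest.exe", "text": "nltest  /DOMAIN_TRUSTS /all_trusts"},
    {"time": 160, "host": "WS01", "image": SYS32 + "dsquery.exe", "text": 'dsquery * -filter "(objectClass=trustedDomain)" -attr *'},
    {"time": 50, "host": "WS02", "image": SYS32 + "nltest.exe", "text": "nltest /dsgetdc:corp.example"},
    {"time": 70, "host": "WS02", "image": SYS32 + "findstr.exe", "text": "findstr /domain_trusts notes.txt"},
    {"time": 90, "host": "WS03", "image": SYS32 + "WindowsPowerShell\\v1.0\\powershell.exe",
     "text": "[System.DirectoryServices.ActiveDirectory.Domain]::GetCurrentDomain().GetAllTrustRelationships()"},
]

def match_event(event):
    """Return the label of every rule the event satisfies (case-insensitive)."""
    image = event.get("image", "").strip('"').lower()
    text = event.get("text", "").lower()
    hits = []
    for label, image_re, text_re in RULES:
        if image_re and not re.search(image_re, image):
            continue  # right string, wrong binary (e.g. findstr searching a file)
        if re.search(text_re, text):
            hits.append(label)
    return hits

def hosts_with_trust_discovery(events):
    """Map host -> time-ordered list of (time, indicator) hits."""
    by_host = defaultdict(list)
    for ev in sorted(events, key=lambda e: e["time"]):
        for label in match_event(ev):
            by_host[ev["host"]].append((ev["time"], label))
    return dict(by_host)

if __name__ == "__main__":
    for host, chain in hosts_with_trust_discovery(SAMPLE_EVENTS).items():
        print(host, chain)
```

          Command-line matching does not see tools that call DSEnumerateDomainTrusts() directly, so it complements API monitoring rather than replacing it.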
