Description of the attack: https://www.dcshadow.com/

Detection of the attack:

PowerShell: https://github.com/AlsidOfficial/UncoverDCShadow

ATA Azure ATP detection: https://techcommunity.microsoft.com/t5/Enterprise-Mobility-Security/How-Azure-Advanced-Threat-Protection-detects-the-DCShadow-attack/ba-p/265740

Other articles:

https://blog.stealthbits.com/detecting-dcshadow-with-event-logs/