Create Volume Shadow Copy with Powershell (afd12fed-b0ec-45c9-a13d-aa86625dac81)

Adversaries may attempt to access or create a copy of the Active Directory domain database in order to steal credential information.

| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
| --- | --- | --- | --- | --- |
| Create Volume Shadow Copy with Powershell (afd12fed-b0ec-45c9-a13d-aa86625dac81) | Sigma-Rules | NTDS - T1003.003 (edf91964-b26e-4b4a-9600-ccacd7d7df24) | Attack Pattern | 1 |
| NTDS - T1003.003 (edf91964-b26e-4b4a-9600-ccacd7d7df24) | Attack Pattern | OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22) | Attack Pattern | 2 |