Detections
Analytics
Rogue Domain Controllers
high
Language:
Description
A rogue domain controller has been detected in the monitored infrastructure. It could allow attackers to steal credentials.
Solution
Illegitimate domain controllers can lead to credentials theft and should be removed.
See Also
Active Directory: What can make your million dollar SIEM go blind?
DCShadow explained: A technical deep dive into the latest AD attack technique
Indicator Details
Name: Rogue Domain Controllers
Codename: C-DCSHADOW
Severity: High
Attacker Known Tools
Benjamin Delpy: Mimikatz - DCShadow module