MITRE ATT&CK detection coverage

← Back to main site

Home/ MITRE Matrix/ Credential Access/ T1003.003

T1003.003NTDS

T1003.003 — NTDS is a MITRE ATT&CK technique in the Credential Access tactic. Clankerusecase tracks 6 detection use cases covering it.

Credential Access

View on the matrix → Filter Detection Library MITRE official spec ↗

6Use cases

0Articles

0Sub-techniques

1Tactic

↑ Parent technique: T1003 · OS Credential Dumping

Use cases covering this technique (6)

Creation of Shadow Copy ESCU actions · alerting P Creation of Shadow Copy with wmic and powershell ESCU actions · alerting P Credential Dumping via Copy Command from Shadow Copy ESCU actions · alerting P Credential Dumping via Symlink to Shadow Copy ESCU actions · alerting P Ntdsutil Export NTDS ESCU actions · alerting P SecretDumps Offline NTDS Dumping Tool ESCU actions · alerting P