Account Credential Theft in Domain Environments Detected by EDR
Malware Analysis, News and Indicators - Latest topics malware.news
The “Internal Reconnaissance in Domain Environments Detected by EDR” [1] post covered cases where EDR was used to detect a threat actor taking over a system in an Active Directory environment before conducting internal reconnaissance to collect information. If an organization’s infrastructure uses Active Directory, the threat actor can perform internal reconnaissance to collect information on the domain environment, steal account credentials, use these for lateral movement, and ultimately seize control over the …