all InfoSec news
FarsightAD - PowerShell Script That Aim To Help Uncovering (Eventual) Persistence Mechanisms Deployed By A Threat Actor Following An Active Directory Domain Compromise
KitPloit - PenTest Tools! www.kitploit.com
FarsightAD is a PowerShell script that aim to help uncovering (eventual) persistence mechanisms deployed by a threat actor following an Active Directory domain compromise.
The script produces CSV / JSON file exports of various objects and their attributes, enriched with timestamps from replication metadata. Additionally, if executed with replication privileges, the Directory Replication Service (DRS) protocol is leveraged to detect fully or partially hidden objects.
For more information, refer to the SANS DFIR Summit 2022 introductory slides.
Prerequisite
FarsightAD …
active directory actor aim compromise directory domain persistence powershell powershell script script threat threat actor windows windows 10