DCSync

DCSync is a post-exploitation technique used by attackers to simulate the behavior of a Domain Controller (DC) and extract sensitive data, such as password hashes, from Active Directory (AD). This method is not classified as traditional malware like a cryptominer or rootkit; instead, it's a technique often employed by threat actors who have already gained privileged access within a network.