Cloud Threat Landscape

DCSync

Tags: Malware
Incidents: Campaign targeting exposed FortiGate firewall management interfaces
References: https://www.akamai.com/blog/security-research/2024-redtail-cryptominer-pan-os-cve-exploit
Last edited: Feb 20, 2025 3:29 PM

DCSync is a post-exploitation technique used by attackers to simulate the behavior of a Domain Controller (DC) and extract sensitive data, such as password hashes, from Active Directory (AD). This method is not classified as traditional malware like a cryptominer or rootkit; instead, it's a technique often employed by threat actors who have already gained privileged access within a network.

Last Updated: April 3, 2025