Glossary

DCSYNC ATTACK
defined.

An attack that abuses the Microsoft Replication Service protocol to extract password hashes from a domain controller — without ever logging on to it.

A–Z

What is DCSync Attack?

Any principal with Replicating Directory Changes + Replicating Directory Changes All rights can DCSync. Tools: Mimikatz lsadump::dcsync, secretsdump.py. Defence: audit DS-Replication-Get-Changes ACL holders and alert on DRSUAPI from non-DC sources.

Related terms.

Golden Ticket
Pass the Hash
Kerberoasting
Privilege Escalation

Where this shows up.

See our web application penetration testing, API security testing, network penetration testing, and cloud security audit services for how we test for and defend against this class of issue.

Test for this in your stack

BOOK A FREE
scoping call.

30-minute call with an OSCP-certified engineer. Tailored proposal in 24 hours.

Book Free Scoping Call →All Services

DCSYNC ATTACKdefined.

What is DCSync Attack?

Related terms.

Where this shows up.

BOOK A FREEscoping call.

DCSYNC ATTACK
defined.

BOOK A FREE
scoping call.