Explore NTDS dumping attacks with the Active Directory Series.

We've reached the finale of our six-part series on detecting Active Directory attacks, and the final two (2) Sherlocks are now live!

Here’s how these new scenarios will prepare you to handle real-world Active Directory threats:

CrownJewel-1: This Sherlock focuses on detecting NTDS.dit dumping. You’re tasked to analyze event logs and the Master File Table (MFT) to respond to an attack using the vssadmin utility, sharpening your incident response skills.

CrownJewel-2: In this scenario, the focus remains on detecting NTDS.dit dumping, but with a twist - here, the attacker employs the ntdsutil utility. By analyzing event logs, you’ll practice the necessary steps to respond effectively to this specific attack vector.

To streamline team training, we’ve launched a new Path in Dedicated Labs that bundles all six Sherlocks, making it easy for managers to upskill their teams in one go.

And for those looking to dive even deeper into NTDS.dit dumping attacks, check out our latest blog post for additional insights and tips.