5 matches found
DCSync Detection Without Signatures: Trellix NDR and the Power of Technique-Based Defense
DCSync Detection Without Signatures: Trellix NDR and the Power of Technique-Based Defense By Maulik Maheta and Chao Sun · April 14, 2026 Executive summary A DCSync attack is one of the most formidable techniques an adversary can deploy after gaining a foothold in an Active Directory AD environmen...
When SPNs Go Rogue: Detection and Remediation with Trellix NDR
When SPNs Go Rogue: Detection and Remediation with Trellix NDR By Maulik Maheta and Henry Bernabe · February 10, 2026 Executive summary Service Principal Names SPNs are essential for Kerberos authentication in Active Directory AD, but misconfigurations, such as assigning SPNs to standard user...
The Fake Domain Controller You Didn’t See Coming: Detecting DCShadow Attacks Using Trellix NDR
The Fake Domain Controller You Didn’t See Coming: Detecting DCShadow Attacks Using Trellix NDR By Maulik Maheta and Chao Sun · December 17, 2025 Executive summary DCShadow is a covert post-exploitation technique that enables an attacker to impersonate a domain controller and make unauthorized,...
Silent Domain Hijack: Detecting DCSync with Trellix NDR
Silent Domain Hijack: Uncovering the DCSync Attack and Detecting with Trellix NDR By Maulik Maheta and Chao Sun · December 10, 2025 Executive summary DCSync is one of the most powerful and stealthy techniques an attacker can use once they have gained access to an Active Directory AD environment...
Exposing PathWiper: DCOM Abuse and Network Erasure
Exposing PathWiper: A Deep Dive into DCOM Abuse and Network Erasure With Trellix NDR By Maulik Maheta and Lishoy Mathew · August 12, 2025 Executive summary Ukraine’s national energy and telecommunications infrastructure was the primary targets of the PathWiper attack in 2025. The attack was...