Protecting Against Active Directory DCSync Attacks

clear-text password. There are several handy techniques available to dump credentials from a compromised Windows endpoint. For example, an attacker can obtain credentials from LSASS Memory, the SAM database, Cached Domain Credentials, or by abusing Replicating Directory permissions. The attacker can then use the obtained credentials to move laterally and gain a greater level of access.
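
On the detection side, abuse of replication permissions leaves a trace in the domain controller's Security log as Event ID 4662 entries that reference the directory replication extended rights. The following is an added example, not code from the original page: it scans simplified, constructed event records and reports accounts outside an allow-list that exercised those rights. The record layout, the function name and the allow-list are assumptions made for illustration.

```python
# Added example: flag Event ID 4662 records in which an account that is not an
# approved replication principal exercised directory replication rights.

# Control-access-right GUIDs defined in the Active Directory schema.
REPLICATION_RIGHTS = {
    "1131f6aa-9c07-11d1-f79f-00c04fc2dcd2": "DS-Replication-Get-Changes",
    "1131f6ad-9c07-11d1-f79f-00c04fc2dcd2": "DS-Replication-Get-Changes-All",
    "89e95b76-444d-4c62-991a-0facbeda640c": "DS-Replication-Get-Changes-In-Filtered-Set",
}
CONTROL_ACCESS = 0x100  # ADS_RIGHT_DS_CONTROL_ACCESS bit in AccessMask


def find_dcsync_candidates(events, allowed_accounts):
    """Return {account: sorted right names} for replication requests made by
    accounts that are not in the allow-list (hypothetical helper)."""
    allowed = {a.lower() for a in allowed_accounts}
    hits = {}
    for ev in events:
        if ev.get("EventID") != 4662:
            continue  # only "operation performed on an object" events matter
        if not int(ev.get("AccessMask", "0x0"), 16) & CONTROL_ACCESS:
            continue  # not an extended-right (control access) operation
        props = ev.get("Properties", "").lower()  # GUID case varies in logs
        rights = {name for guid, name in REPLICATION_RIGHTS.items() if guid in props}
        user = ev.get("SubjectUserName", "")
        if rights and user.lower() not in allowed:
            hits.setdefault(user, set()).update(rights)
    return {user: sorted(r) for user, r in hits.items()}


# Constructed sample events with simplified fields; not real log data.
SAMPLE_EVENTS = [
    {"EventID": 4662, "SubjectUserName": "DC01$", "AccessMask": "0x100",
     "Properties": "{1131f6aa-9c07-11d1-f79f-00c04fc2dcd2}"},
    {"EventID": 4662, "SubjectUserName": "jsmith", "AccessMask": "0x100",
     "Properties": "{1131F6AA-9C07-11D1-F79F-00C04FC2DCD2}"},
    {"EventID": 4662, "SubjectUserName": "jsmith", "AccessMask": "0x100",
     "Properties": "{1131f6ad-9c07-11d1-f79f-00c04fc2dcd2}"},
    {"EventID": 4662, "SubjectUserName": "helpdesk", "AccessMask": "0x10",
     "Properties": "{bf967aba-0de6-11d0-a285-00aa003049e2}"},
    {"EventID": 4624, "SubjectUserName": "jsmith"},
]

if __name__ == "__main__":
    for user, rights in find_dcsync_candidates(SAMPLE_EVENTS, ["DC01$"]).items():
        print(f"{user}: {', '.join(rights)}")
```

The allow-list should hold the domain controller machine accounts and any directory synchronization service accounts that legitimately replicate; everything else that appears in the result deserves investigation.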