Class Central is learner-supported. When you buy through links on our site, we may earn an affiliate commission.

Pluralsight

Volt Typhoon: T1003.003 Credential Dumping Emulation

via Pluralsight

Overview

Explore how Volt Typhoon created a copy of the Active Directory domain database in a critical infrastructure network in order to steal credential information.

Adversaries often seek to extract user credentials, typically in the form of hashes or plaintext passwords, from operating systems and software. These credentials can then be used to facilitate lateral movement within a network and gain access to sensitive information. Volt Typhoon used a number of techniques to obtain credentials, including extracting them from process memory and stealing Active Directory databases (NTDS). In this course, Volt Typhoon: T1003.003 Credential Dumping Emulation, you’ll focus on how Volt Typhoon created a volume shadow copy and extracted the bootkey from the system registry hive to extract password hashes from NTDS.

Syllabus

  • Volt Typhoon: T1003.003 Credential Dumping Emulation 7mins

Taught by

Matthew Lloyd Davies

Reviews

Start your review of Volt Typhoon: T1003.003 Credential Dumping Emulation

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Someone learning on their laptop while sitting on the floor.