T1482 Domain Trust Discovery Mappings

Adversaries may attempt to gather information on domain trust relationships that may be used to identify lateral movement opportunities in Windows multi-domain/forest environments. Domain trusts provide a mechanism for a domain to allow access to resources based on the authentication procedures of another domain.(Citation: Microsoft Trusts) Domain trusts allow the users of the trusted domain to access resources in the trusting domain. The information discovered may help the adversary conduct SID-History Injection, Pass the Ticket, and Kerberoasting.(Citation: AdSecurity Forging Trust Tickets)(Citation: Harmj0y Domain Trusts) Domain trusts can be enumerated using the DSEnumerateDomainTrusts() Win32 API call, .NET methods, and LDAP.(Citation: Harmj0y Domain Trusts) The Windows utility Nltest is known to be used by adversaries to enumerate domain trusts.(Citation: Microsoft Operation Wilysupply)

View in MITRE ATT&CK®

Mappings

Capability ID Capability Description Mapping Type ATT&CK ID ATT&CK Name
AC-4 Information Flow Enforcement Protects T1482 Domain Trust Discovery
CA-8 Penetration Testing Protects T1482 Domain Trust Discovery
CM-6 Configuration Settings Protects T1482 Domain Trust Discovery
CM-7 Least Functionality Protects T1482 Domain Trust Discovery
PL-8 Security and Privacy Architectures Protects T1482 Domain Trust Discovery
RA-5 Vulnerability Monitoring and Scanning Protects T1482 Domain Trust Discovery
SA-17 Developer Security and Privacy Architecture and Design Protects T1482 Domain Trust Discovery
SA-8 Security and Privacy Engineering Principles Protects T1482 Domain Trust Discovery
SC-46 Cross Domain Policy Enforcement Protects T1482 Domain Trust Discovery
SC-7 Boundary Protection Protects T1482 Domain Trust Discovery
network_security_groups Network Security Groups technique_scores T1482 Domain Trust Discovery
azure_sentinel Azure Sentinel technique_scores T1482 Domain Trust Discovery
microsoft_defender_for_identity Microsoft Defender for Identity technique_scores T1482 Domain Trust Discovery
azure_defender_for_app_service Azure Defender for App Service technique_scores T1482 Domain Trust Discovery