Home
ATT&CK Techniques
T1482 Domain Trust Discovery

T1482 Domain Trust Discovery Mappings

Adversaries may attempt to gather information on domain trust relationships that may be used to identify lateral movement opportunities in Windows multi-domain/forest environments. Domain trusts provide a mechanism for a domain to allow access to resources based on the authentication procedures of another domain.(Citation: Microsoft Trusts) Domain trusts allow the users of the trusted domain to access resources in the trusting domain. The information discovered may help the adversary conduct SID-History Injection, Pass the Ticket, and Kerberoasting.(Citation: AdSecurity Forging Trust Tickets)(Citation: Harmj0y Domain Trusts) Domain trusts can be enumerated using the DSEnumerateDomainTrusts() Win32 API call, .NET methods, and LDAP.(Citation: Harmj0y Domain Trusts) The Windows utility Nltest is known to be used by adversaries to enumerate domain trusts.(Citation: Microsoft Operation Wilysupply)

View in MITRE ATT&CK®

Mappings

Capability ID	Capability Description	Mapping Type	ATT&CK ID	ATT&CK Name
AC-4	Information Flow Enforcement	Protects	T1482	Domain Trust Discovery
CA-8	Penetration Testing	Protects	T1482	Domain Trust Discovery
CM-6	Configuration Settings	Protects	T1482	Domain Trust Discovery
CM-7	Least Functionality	Protects	T1482	Domain Trust Discovery
RA-5	Vulnerability Monitoring and Scanning	Protects	T1482	Domain Trust Discovery
SA-17	Developer Security and Privacy Architecture and Design	Protects	T1482	Domain Trust Discovery
SA-8	Security and Privacy Engineering Principles	Protects	T1482	Domain Trust Discovery
SC-46	Cross Domain Policy Enforcement	Protects	T1482	Domain Trust Discovery
SC-7	Boundary Protection	Protects	T1482	Domain Trust Discovery
action.malware.variety.Scan network	Scan or footprint network	related-to	T1482	Domain Trust Discovery
amazon_virtual_private_cloud	Amazon Virtual Private Cloud	technique_scores	T1482	Domain Trust Discovery