The primary techniques for dumping credentials from Active Directory involve interacting with LSASS on a live DC, grabbing a copy of the AD datafile (ntds.dit), or tricking a Domain Controller into replicating password data to the attacker (“I’m a Domain Controller!”). The methods covered here require elevated rights since they involve connecting to the Domain Controller to dump credentials....READ MORE