Domain Trust Discovery via Nltest.exe¶
Identifies execution of nltest.exe for domain trust discovery. This technique is used by attackers to enumerate Active Directory trusts.
id: | 03e231a6-74bc-467a-acb1-e5676b0fb55e |
---|---|
categories: | hunt |
confidence: | low |
os: | windows |
created: | 05/17/2019 |
updated: | 05/17/2019 |
Query¶
process where subtype.create and
process_name == "nltest.exe" and command_line == "*domain_trusts*"