Bypassing EDR NTDS.dit protection using BlueTeam tools.
During an internal penetration test, Cortex EDR was installed on the domain controller. After obtaining Domain Admin privileges on the network, the EDR blocked all known attempts to extract the NTDS hashes. In this article, I'll share a technique I used to bypass this obstacle.